Selectively Restricting Communications from Third Party Applications/Devices to Electronic Devices

ABSTRACT

A method for providing access to a target electronic device through a first service running on a different electronic device may include receiving in the first service a command directed to the target electronic device from a command sender and receiving in the service device operation status parameters of the target electronic device. The device operation status parameters may include properties of the target electronic device such as a battery level, a battery charging rate, an age, a planned lifespan, a recent wireless usage, an internal temperature, or any of the above in relation to an intervening electronic device over which communication to the target electronic device travels, or any combination thereof. The method may also include using the device operation status parameters to determine, using the service, whether to provide or not to provide an update signal incorporating the command or information to the target electronic device.

RELATED APPLICATION

This application claims priority and is a continuation of U.S. Utilitypatent application Ser. No. 14/312,637, filed on Jun. 23, 2014, which isincorporated herein by reference in its entirety.

BACKGROUND

This disclosure relates to controlling access to electronic devices viaapplication programming interface (API) restrictions, and morespecifically to device-state-based message limiting and/or rule-basedrate limiting of access to an electronic device to preserve a userexperience with the electronic device.

This section is intended to introduce the reader to various aspects ofart that may be related to various aspects of the present disclosure,which are described and/or claimed below. This discussion is believed tobe helpful in providing the reader with background information tofacilitate a better understanding of the various aspects of the presentdisclosure. Accordingly, it should be understood that these statementsare to be read in this light, and not as admissions of prior art.

People interact with a number of different electronic devices on a dailybasis. In a home setting, for example, a person may interact with smartthermostats, lighting systems, alarm systems, entertainment systems, anda variety of other electronic devices. To interact with some of theseelectronic devices, a person may communicate a command using anapplication program running on another electronic device. For instance,a person may control the temperature setting on a smart thermostat usingan application program running on a smartphone. The application programmay communicate with a secure online service that interacts with thatthermostat.

To preserve the user experience associated with an electronic device,the manufacturer of the electronic device may also develop theapplication programs to control the electronic device. Opening access tothe electronic devices to third-party developers, however, maypotentially improve the experience of some people with the devices—butonly if third-party application programs do not cause the electronicdevices to behave in an undesirable manner. Moreover, even electronicdevices of the same type may have characteristics (e.g., battery leveland/or charging rate) that vary among different installations of thedevices. For instance, some smart thermostats may recharge internalbatteries using a main 120V or 240V building power supply, while othersof the same type may recharge batteries using a much more limited supplyof power. Thus, allowing third party developers unfettered access tothese electronic devices introduces a risk that the operation of some ofthe electronic devices, and thus the user experience associated withthose devices, may suffer.

SUMMARY

A summary of certain embodiments disclosed herein is set forth below. Itshould be understood that these aspects are presented merely to providethe reader with a brief summary of these certain embodiments and thatthese aspects are not intended to limit the scope of this disclosure.Indeed, this disclosure may encompass a variety of aspects that may notbe set forth below.

According to embodiments of this disclosure, device-state-based messagelimiting and/or rule-based rate limiting may enable third-partyapplications to access different installations of devices (e.g., via anapplication programming interface (API)) without potentially negativelyimpacting the operation of, and thus the user experience with, thosedevices. Namely, the third-party applications may communicate notdirectly with a target device (e.g., a smart home device such as a smartthermostat), but rather through a device service. The device service mayperform device-state-based message limiting by deciding whether toprovide or not to provide a corresponding update signal to the targetdevice based on one or more factors such as an operation statusparameter of the device.

Such an operation status parameter may include, for example, a currentbattery level, charging rate, device age, planned device lifespan,recent wireless usage, internal temperature, and/or the operation statusparameters of other connected devices that are being used to access thesmart home device. Since parameters like these may vary from device todevice—even for devices of the same type and/or within the samesmart-home environment—the device service may tailor device-state-basedmessage limiting of communication to different devices according totheir (possibly unique) operation status parameters.

Additionally or alternatively, the device service may rate-limit thenumber of incoming messages to prevent the target device, the deviceservice itself, or both, from becoming overwhelmed with certain messagesaccording to parameterized rules. This rule-based rate limiting mayinvolve determining parameters of the messages and rate-limiting themessages according to the rules that involve the same parameters. Forexample, messages may be parsed to determine which instance of anapplication and/or which unique user sent the message. Rules may bedefined according to these parameters. An application instance and/or auser may be permitted, for example, to send only so many messages duringany given first time period (e.g., 20 messages per minute) and any givensecond time period (e.g., 60 messages per hour). Thus, messages havingparameters that match the parameters of a rule may be counted using asliding window counter that counts those messages received within somespecified amount of time (e.g., within the last minute or within thelast hour). When the count of a sliding window counter exceeds a certainlimit (e.g., a count of 20 messages received within the last minute),the device service may take a restrictive action. For example, thedevice service may block, redirect, or delay the message, and/or mayrespond to the sender of the message with an error or warning message.

Using rule-based rate limiting, the device service may enable messagesto be rate-limited in a highly extendable way. Indeed, any suitablenumber of rules may be generated based on any suitable number ofparameters that may be parsed and/or ascertained from the messagesreceived by the device service. Moreover, in certain examples, messagetracking (e.g., counting messages with parameters that match certainrules using sliding window counters) may take place asynchronously tothe receipt of the messages, while message restriction (e.g., performinga restrictive action when the number of messages in a sliding windowexceeds a limit) may take place substantially synchronously. This mayreduce the latency that rate limiting can introduce. Namely,asynchronous message tracking may be used to determine whether torestrict future messages having certain parameters (e.g., by causing thedevice service to take a restrictive action when a sliding window countof such messages exceeds a limit). By making the decision of whether torestrict certain types of messages asynchronously, the processing timefor making this decision does not hold up the message as it passesthrough the device service. In one particular example, asynchronousmessage tracking may involve maintaining a sliding window count ofmessages deriving from a particular instance of an applicationassociated with a particular user. The sliding window count may beupdated as messages from the application/user are received withoutslowing the passage of the message while the count is updated. When thesliding window count exceeds a certain limit, however, a synchronousrestriction flag may be set. The synchronous restriction flag may causethe messages to be synchronously restricted (e.g., to cause the deviceservice to take certain restrictive action). This may permit even verycomplex rule-based rate limiting while reducing the amount of latencythat such complex rate-limiting rules would introduce.

In one embodiment, a method for providing access to a target electronicdevice through a first service running on a different electronic devicemay include receiving in the first service a command or informationdirected to the target electronic device from a command or informationsender and receiving in the service one or more device operation statusparameters of the target electronic device. The one or more deviceoperation status parameters of the target electronic device may includea battery level of the target electronic device, a battery charging rateof the target electronic device, an age of the target electronic device,a planned lifespan of the target electronic device, a recent wirelessusage of the target electronic device, an internal temperature of thetarget electronic device, or any of the above in relation to anintervening electronic device over which communication to the targetelectronic device travels, or any combination thereof. The method mayalso include using the one or more device operation status parameters todetermine, using the service, whether to provide or not to provide anupdate signal incorporating the command or information to the targetelectronic device.

In another embodiment, a tangible, non-transitory computer-readablemedium may include instructions to receive a device request messagetargeted to a first smart home device accessible via a device service,determine a first battery threshold based at least in part on a chargingrate of a battery of the first smart home device, and compare a batterylevel of the first target smart home device with the first batterythreshold. The instruction may then provide an update signal from thedevice service to the first smart home device only when the batterylevel exceeds the first threshold, such that the update signalincorporates at least partly the device request message.

In yet another embodiment, an electronic device may include a sensor tosense a property of an environment of the electronic device, a processorto vary an operation of the electronic device based at least in part onthe property sensed by the sensor, and a network interface tocommunicate over a network with a single device service. To communicatewith the device service may include sending an outgoing message thatincludes one or more operation status parameters of the electronicdevice and receiving an incoming control message from the device serviceat a rate limited based at least in part on the one or more operationstatus parameters.

In yet another embodiment, a method may include receiving in a deviceservice running on a server electronic device from a first program orfirst program service associated with the first program, a first devicerequest message targeted to a first electronic device accessible via thedevice service. The method may also include receiving in a deviceservice running on a server electronic device from a second program orsecond program service associated with the second program, a seconddevice request message targeted to the first electronic deviceaccessible via the device service. The method may then includedetermining, based at least in part on one or more operation statusparameters, whether to provide or not to provide an update signal thatincorporates the first and second device request messages to the firstelectronic device. Here, the one or more operation status parameters mayinclude a battery level of the first target electronic device, a batterycharging rate of the first target electronic device, an age of the firsttarget electronic device, a planned lifespan of the first targetelectronic device, a recent wireless usage of the first targetelectronic device, an internal temperature of the first targetelectronic device, or any of the above in relation to an interveningelectronic device over which communication to the first targetelectronic device travels, or any combination thereof.

In yet another embodiment, an electronic device may include a sensor tosense a property of an environment of the electronic device, a processorto vary an operation of the electronic device based at least in part onthe property sensed by the sensor and determine when to limit externalcommunication with the electronic device based at least in part on oneor more operation status parameters of the electronic device, and anetwork interface to communicate over a network with a single deviceservice. To communicate with the device service includes sending anoutgoing message that includes an indication of the limit determination.

Various refinements of the features noted above may exist in relation tovarious aspects of the present disclosure. Further features may also beincorporated in these various aspects as well. These refinements andadditional features may exist individually or in any combination. Forinstance, various features discussed below in relation to one or more ofthe illustrated embodiments may be incorporated into any of theabove-described aspects of the present disclosure alone or in anycombination. The brief summary presented above is intended only tofamiliarize the reader with certain aspects and contexts of embodimentsof the present disclosure without limitation to the claimed subjectmatter.

BRIEF DESCRIPTION OF THE DRAWINGS

Various aspects of this disclosure may be better understood upon readingthe following detailed description and upon reference to the drawings inwhich:

FIG. 1 is a block diagram of a smart home device, in accordance with anembodiment;

FIG. 2 is a block diagram of a connected smart home environment thatincludes a number of smart home devices, in accordance with anembodiment;

FIG. 3 is a block diagram illustrating a manner of controlling and/oraccessing the smart home environment using services over the internet,in accordance with an embodiment;

FIG. 4 is a block diagram of processing paradigms that may be used tocontrol devices of the smart home environment, in accordance with anembodiment;

FIG. 5 is a block diagram of a system that uses device-state-basedmessage limiting and/or rule-based rate limiting to provide third-partyaccess to smart home devices without negatively impacting the userexperience with the smart home devices, in accordance with anembodiment;

FIG. 6 is a flowchart of a method for performing device-state-basedmessage limiting using the system of FIG. 5, in accordance with anembodiment;

FIG. 7 is a plot of battery level in relation to various access rates,in accordance with an embodiment;

FIG. 8 is a plot of internal temperature in relation to various accessrates, in accordance with an embodiment;

FIG. 9 is a flowchart of a method for performing device-state-basedmessage limiting using battery level and/or charging rate, age, plannedlifespan, and/or recharge ability, in accordance with an embodiment;

FIG. 10 is a schematic visualization of battery level thresholds fordevice-state-based message limiting for a rechargeable device with afast charging rate, in accordance with an embodiment;

FIG. 11 is a schematic visualization of battery level thresholds fordevice-state-based message limiting for a rechargeable device with aslow charging rate, in accordance with an embodiment;

FIG. 12 is a schematic visualization of battery level thresholds for anon-rechargeable device, in accordance with an embodiment;

FIG. 13 is a flowchart of a method for performing device-state-basedmessage limiting using wireless usage and/or the internal temperature ofa smart home device, in accordance with an embodiment;

FIG. 14 is a flowchart of a method for performing device-state-basedmessage limiting using device operation parameters of other connectedelectronic devices, in accordance with an embodiment;

FIG. 15 is a block diagram of a rule-based rate-limiting system, inaccordance with an embodiment;

FIG. 16A-B are diagrams representing sliding window counters of messagesreceived over time, in accordance with an embodiment;

FIG. 17 is a flowchart of a method for rule-based rate limiting to takeaction when a sliding window counter exceeds some limit, in accordancewith an embodiment;

FIG. 18 is a block diagram of one example of the arrangement ofcomponents that may be used by the rule-based rate limiting system, inaccordance with an embodiment;

FIG. 19 is a flowchart of a method for synchronously determining to takeor not to take an action when an incoming request message is received,in accordance with an embodiment;

FIG. 20 is a flowchart of a method for synchronously filtering a messageand asynchronously updating a filter, in accordance with an embodiment;and

FIG. 21 is an object data model that relates various system componentsthat may be used to create the rule-based rate limiting system of FIG.18, in accordance with an embodiment.

DETAILED DESCRIPTION

Overview

One or more specific embodiments will be described below. In an effortto provide a concise description of these embodiments, not all featuresof an actual implementation are described in the specification. Itshould be appreciated that in the development of any such actualimplementation, as in any engineering or design project, numerousimplementation-specific decisions must be made to achieve thedevelopers' specific goals, such as compliance with system-related andbusiness-related constraints, which may vary from one implementation toanother. Moreover, it should be appreciated that such a developmenteffort might be complex and time consuming, but would nevertheless be aroutine undertaking of design, fabrication, and manufacture for those ofordinary skill having the benefit of this disclosure.

A number of smart home devices may serve the inhabitants of a home. Forexample, a smart thermostat, such as the Nest®. Learning Thermostat byNest Labs, Inc. (a company of Google, Inc.), may learn the inhabitants'behavior and adjust the temperature to suit their preferences. A smarthazard detector, such as the Nest®. Protect by Nest Labs, maycommunicate with other smart home devices while performing hazarddetection functions to keep the inhabitants safe. While it may bepossible for users to interact with the smart home devices directly,e.g., via a user interface on the smart thermostat or a button on thesmart hazard detector, it may also be possible for users to interactwith the smart home devices indirectly, e.g., via an applicationexecuting on a mobile device such as a smartphone, via an applicationexecuting on a centralized home automation controller, via anapplication executing within a dashboard of a vehicle, etc. While it isclearly desirable and, in my cases, typical, for the same entity thatdesigns, manufactures, and sells the smart home devices themselves toalso design and distribute technologies for indirect control of thosesmart home devices, it may also be desirable for that entity to enableother entities to design and distribute technologies for indirectcontrol of those smart home devices. For example, by opening upmonitoring and control of those smart home devices to third parties,innovative uses of those smart home devices and levels of integration ofthose devices with (what may initially be perceived as) entirelyunrelated devices may advantageously be realized so as to facilitateconsumer benefits and technology synergies that may have gone unrealizedabsent such collaboration.

However, providing third parties with unrestricted access to interactwith the smart home devices may disadvantageously result inunintended—and potentially undesirable—consequences. For example,unfettered access may cause the smart home devices to behave in anunsatisfactory manner, fail to operate as intended, or otherwise resultin an undesirable user experience. In some particular instances, smarthome devices may be particularly power conscious. For example, smartthermostats may have relatively low capacity rechargeable batteriescoupled with a relatively low current recharging source. For anotherexample, smart hazard detectors may only be equipped withnon-rechargeable batteries while it is desired to maximize the lifetimeof those batteries. Notwithstanding these power limitations, it shouldbe appreciated that interactions with the smart home devices maynecessarily require consumption of electrical energy by those devices.For example, requesting a current indoor temperature from a smartthermostat via an indirect monitoring device may require the smartthermostat to transition from a sleep mode to an awake mode, actuate aprocessor to obtain sensor measurements, and/or enable a Wifi chip towirelessly communicate those sensor measurements to the indirectmonitoring device. Similarly, setting a current setpoint temperature onthe smart thermostat via an indirect monitoring device may require thesmart thermostat to transition from a sleep mode to an awake mode,enable a Wifi chip to wirelessly receive the desired setpointtemperature from the indirect monitoring device, and/or actuate aprocessor configure operation of the smart thermostat in accordance withthe desired setpoint temperature.

According to embodiments of this disclosure, device-state-based messagelimiting may enable third-party devices and/or applications to accesssmart home devices (e.g., via an application programming interface(API)) while reducing the likelihood that the third-party interactionwill negatively impact operation of and thus the user experience withthose devices. In some embodiments, the third-party devices and/orapplications may communicate directly with the smart home device viaeither a wired or wirelessly connection. In other embodiments, however,the third-party devices and/or applications may communicate indirectlywith a smart home device via a cloud-based device service. In eithercase, device-state-based message limiting may be imposed on thethird-party devices and/or applications (via, e.g., the smart homedevice itself, the API, the cloud-based device service, etc.) based onoperation status parameters of the device. The operation statusparameters generally characterize current, historical, and/or futureoperational characteristics of the smart home device, and may include,for example, a current battery level, charging rate, device age, planneddevice lifespan, recent wireless usage, internal temperature, currentoperation of the device (e.g., sleeping, awake, Wifi active/inactive,executing a demand-response algorithm, executing a time-to-temperaturealgorithm, etc.), and/or the current, historical, and/or futureoperational characteristics of other connected devices associated withthe smart home environment.

Such device-state-based message limiting may be implemented in any oneor more of a number of different fashions. For example, it may beimplemented as a limit in the number of communications sent from thecloud-based device service to the smart home device on behalf of thethird party device/application in a given period of time, the number ofcommunications sent from the third party device/application to the smarthome device via the API in a given period of time, the number ofcommunications received and/or processed by the smart home device thatwere sent from a third party device/application, etc.

In one particular example, device-state-based message limiting may beimposed on communications sent to a smart home device from a cloud-basedservice based on a battery level of the smart home device. Specifically,to ensure that third-party communications targeted to a particulardevice do not cause the battery level to drain too quickly, the deviceservice may only provide a corresponding update signal to the devicewhen the battery level is sufficiently high in relation to the chargingrate of the battery. Similarly, if the smart home device does not have arechargeable battery, the battery level may be compared against thecurrent age of the device and its planned lifespan. The device servicemay or may not provide the device update signal based on whether thebattery level is likely to allow the device to meet or exceeds itsplanned lifespan.

It should be appreciated that limiting communication to a single maximumrate of communication (e.g., 1 session per minute) may not suffice forall devices. That is, different devices (even those of the same type,such as installations of smart hazard detectors throughout a house) maybehave much differently even with communication limited to the samemaximum rate. For example, some smart home devices may have a dedicated120V or 240V power supply by which the batteries of these devices cancharge. These devices may support, under many conditions, a relativelyhigh device access rate. On the other hand, some smart home devices mayhave a very limited power supply by which the batteries of these devicescan charge (or may not even be rechargeable at all). A relatively highdevice access rate could cause the batteries to drain too fast to bereplenished for normal usage. Accordingly, these devices may not be ableto support the same relatively high device access rate withoutincreasing the risk that device operation may be negatively impacted.

Additionally or alternatively, the device service may rate-limit thenumber of incoming messages to prevent the target device, the deviceservice itself, or both, from becoming overwhelmed with certain messagesaccording to parameterized rules. This rule-based device-state-basedmessage limiting may involve determining parameters of the messages andrate-limiting the messages according to the rules that involve the sameparameters. For example, messages may be parsed to determine whichinstance of an application and/or which unique user sent the message.Rules may be defined according to these parameters. An applicationinstance and/or a user may be permitted, for example, to send only somany messages during any given first time period (e.g., 20 messages perminute) and any given second time period (e.g., 60 messages per hour).Thus, messages having parameters that match the parameters of a rule maybe counted using a sliding window counter that counts those messagesreceived within some specified amount of time (e.g., within the lastminute or within the last hour). When the count of a sliding windowcounter exceeds a certain limit (e.g., a count of 20 messages receivedwithin the last minute), the device service may take a restrictiveaction. For example, the device service may block, redirect, or delaythe message, and/or may respond to the sender of the message with anerror or warning message.

Using rule-based device-state-based message limiting, the device servicemay enable messages to be rate-limited in a highly extendable way.Indeed, any suitable number of rules may be generated based on anysuitable number of parameters that may be parsed and/or ascertained fromthe messages received by the device service. Moreover, in certainexamples, message tracking (e.g., counting messages with parameters thatmatch certain rules using sliding window counters) may take placeasynchronously to the receipt of the messages, while message restriction(e.g., performing a restrictive action when the number of messages in asliding window exceeds a limit) may take place substantiallysynchronously. This may reduce the latency that device-state-basedmessage limiting can introduce. Namely, asynchronous message trackingmay be used to determine whether to restrict future messages havingcertain parameters (e.g., by causing the device service to take arestrictive action when a sliding window count of such messages exceedsa limit). By making the decision of whether to restrict certain types ofmessages asynchronously, the processing time for making this decisiondoes not hold up the message as it passes through the device service. Inone particular example, asynchronous message tracking may involvemaintaining a sliding window count of messages deriving from aparticular instance of an application associated with a particular user.The sliding window count may be updated as messages from theapplication/user are received without slowing the passage of the messagewhile the count is updated. When the sliding window count exceeds acertain limit, however, a synchronous restriction flag may be set. Thesynchronous restriction flag may cause the messages to be synchronouslyrestricted (e.g., to cause the device service to take certainrestrictive action). This may permit even very complex rule-baseddevice-state-based message limiting while reducing the amount of latencythat such complex rate-limiting rules would introduce.

The Smart Home Environment

The various systems, methods, devices, and computer program products ofthis disclosure may be used to maintain a level of quality of the userexperience for any suitable number and type of electronic devices. Thisdisclosure will describe device-state-based message limiting andrule-based device-state-based message limiting in the context of a smarthome environment that includes at least one smart home device. Thesystems, methods, devices, and computer program products of thisdisclosure, however, may provide substantial benefits to communicationwith any suitable electronic devices in any suitable environment. Inother words, performing device-state-based message limiting and/orrule-based device-state-based message limiting may be used in anysuitable number of contexts, whether in a smart home environment orotherwise.

By way of introduction, FIG. 1 is a block diagram of one example of asmart home device 10. In one embodiment, the smart home device 10 mayinclude one or more sensors 12, a user-interface component 14, a powersupply 16 (e.g., including a power connection and/or battery), a networkinterface 18, memory 20, and one or more processors 22. These componentsare intended to be representative and are not intended to be exhaustive.By way of example, the smart home device 10 may be a Nest®. LearningThermostat—1 st Generation T100577, a Nest®. Learning Thermostat—2ndGeneration T200577, or a Nest®. Protect, each of which is made by NestLabs, Inc., a company of Google, Inc.

The sensor(s) 12 may detect various properties of the environment of thesmart home device 10, and/or properties of the smart home device 10itself. These may include acceleration, temperature (indoor temperature,device temperature, etc.), humidity, water, supplied power, proximity,external motion, device motion, sound signals, ultrasound signals, lightsignals, fire, smoke, carbon monoxide, global-positioning-satellite(GPS) signals, radio-frequency (RF), other electromagnetic signals orfields, or the like. As such, the sensor(s) 12 may include temperaturesensor(s), humidity sensor(s), hazard-related sensor(s) or otherenvironmental sensor(s), accelerometer(s), microphone(s), opticalsensors up to and including camera(s) (e.g., charged coupled-device orvideo cameras), active or passive radiation sensors, GPS receiver(s) orradiofrequency identification detector(s), etc. In some instances, thesmart home device 10 may include one or more primary sensors and one ormore secondary sensors. For example, the primary sensor(s) may sensedata central to the core operation of the device (e.g., sensing atemperature in a thermostat or sensing smoke in a smoke detector), whilethe secondary sensor(s) may sense other types of data (e.g., motion,light or sound), which can be used for energy-efficiency objectives orsmart-operation objectives.

One or more user-interface components 14 in the smart home device 10 mayreceive input from the user and/or present information to the user whenthe user interacts in person with the smart home device 10. For example,the user may mechanically move a sliding component (e.g., along avertical or horizontal track) or rotate a rotatable ring (e.g., along acircular track) to adjust a temperature setting. The power-supplycomponent 16 may include a power connection and/or a local battery. Forexample, the power connection may connect the smart home device 10 to apower source such as a line voltage source. In some instances, an ACpower source can be used to repeatedly charge a (e.g., rechargeable)local battery, such that the battery may be used later to supply powerto the smart home device 10 when the AC power source is not available.In cases where the smart home device 10 does not have access to anexternal supply of power, the power-supply component 16 may be anon-rechargeable battery that is sized appropriately to last at least aslong as a planned lifespan of the smart home device under normaloperating conditions. The network interface 18 may include a componentthat enables the smart home device 10 to communicate between devices. Assuch, the network interface 18 may enable the smart home device 10 tocommunicate with other devices 10 via a wired or wireless network. Thenetwork interface 18 may include a wireless card or some othertransceiver connection to facilitate this communication. In someembodiments, the network interface 18 may includes multiple networkingcomponents to facilitate communications over a variety of networkingprotocols and/or communication architectures. For example, the networkinterface 18 may include multiple wireless communication components,such as a low-power wireless communication component (e.g., an IEEE802.15.4. wireless transceiver) and a high-power wireless communicationcomponent (e.g., an IEEE 802.11 wireless transceiver). In at least oneembodiment, in a sleep mode, the high-power wireless communicationcomponent may be disabled or otherwise inoperative, while the low-powerwireless communication component may listen for communications to thedevice 10. Upon receiving some communications, in at least oneembodiment, the low-power wireless communication component may performan initial analysis on the received communication and determine whetherto wake-up the device 10 (e.g., actuate the high-power processor orother processor to perform some operation based on the receivedcommunication).

Memory 20 may store instructions to execute on the processor(s) 22. Inone example, the memory 20 may include an article of manufacture such asflash memory, a hard drive, random access memory, or the like. Theprocessor(s) 22 may include a general-purpose processor that carries outcomputer code stored in the memory device 20, a special-purposeprocessor or application-specific integrated circuit, or somecombination of these. The processor(s) 22 may also represent any othersuitable type of hardware/firmware/software processing platforms. Incertain embodiments, the processor(s) 22 includes a high-power processorthat may execute computationally intensive operations, such as operatingthe user-interface component 14 and the like, and a low-power processorthat may manage less complex processes such as detecting a hazard ortemperature from the sensor 12. In one embodiment, the low-powerprocessor may wake or initialize the high-power processor forcomputationally intensive processes.

By way of example, when the processor(s) 22 includes both a high-powerprocessor and a low-power processor, the low-power processor may detectwhen a location (e.g., a house or room) is occupied (i.e., includes apresence of a human) and/or whether it is occupied by a specific personor is occupied by a specific number of people (e.g., relative to one ormore thresholds). In one embodiment, this detection can occur byanalyzing microphone signals, detecting user movements (e.g., in frontof a device), detecting openings and closings of doors or garage doors,detecting wireless signals, detecting an internet protocol (IP) addressof a received signal, detecting operation of one or more devices withina time window, or any other suitable techniques. The high-powerprocessor and the low-power processor may include image recognitiontechnology to identify particular occupants or objects. In certainembodiments, the high-power processor and the low-power processor maydetect the presence of a human using a passive infrared (PIR) sensor 24.

In some instances, the high-power processor of the processor(s) 22 maypredict desirable settings and/or implement those settings. For example,based on the presence detection, the high-power processor may adjustdevice settings to, e.g., conserve power when nobody is home or in aparticular room or to accord with user preferences (e.g., generalat-home preferences or user-specific preferences). As another example,based on the detection of a particular person, animal or object (e.g., achild, pet or lost object), the high-power processor may initiate anaudio or visual indicator of where the person, animal or object is ormay initiate an alarm or security feature if an unrecognized person isdetected under certain conditions (e.g., at night or when lights areoff).

In some instances, devices may interact with each other such that eventsdetected by a first device influences actions of a second device. Forexample, a first device can detect that a user has entered into a garage(e.g., by detecting motion in the garage, detecting a change in light inthe garage or detecting opening of the garage door). The first devicecan transmit this information to a second device via the networkinterface 18, such that the second device can, e.g., adjust a hometemperature setting, a light setting, a music setting, and/or asecurity-alarm setting. As another example, a first device can detect auser approaching a front door (e.g., by detecting motion or sudden lightpattern changes). The first device may, e.g., cause a general audio orvisual signal to be presented (e.g., such as sounding of a doorbell) orcause a location-specific audio or visual signal to be presented (e.g.,to announce the visitor's presence within a room that a user isoccupying).

Keeping the foregoing in mind, FIG. 2 illustrates an example of asmart-home environment 30 within which one or more of the smart homedevices 10 of FIG. 1, methods, systems, services, and/or computerprogram products described further herein can be applicable. Thedepicted smart-home environment 30 includes a structure 32, which caninclude, e.g., a house, office building, garage, or mobile home. It willbe appreciated that devices can also be integrated into a smart-homeenvironment 30 that does not include an entire structure 32, such as anapartment, condominium, or office space. Further, the smart homeenvironment can control and/or be coupled to devices outside of theactual structure 32. Indeed, several devices in the smart homeenvironment need not physically be within the structure 32 at all. Forexample, a device controlling a pool heater or irrigation system can belocated outside of the structure 32. Notwithstanding the provision of asmart-home environment 30 and subsequent description of variousembodiments of accessing electronic devices provided within thesmart-home environment 30, it should be appreciated that the variousrate limiting techniques described herein may be similarly applicable tonon-smart-home environments. For example, it may be desirable to applysimilar rate limiting techniques to mobile devices (e.g., wearables suchas smart phones, smart glasses, smart watches, smart shoes, etc.),in-vehicle electronics (e.g., car navigation units, radar detectors,audio/radio components, etc.), or other electronic devices outside ofthe smart-environment environment 30.

The depicted structure 32 includes a number of rooms 38, separated atleast partly from each other via walls 40. The walls 40 can includeinterior walls or exterior walls. Each room can further include a floor42 and a ceiling 44. Devices can be mounted on, integrated with and/orsupported by a wall 40, floor 42 or ceiling 44.

In some embodiments, the smart-home environment 30 of FIG. 2 includes anumber of smart home devices 10, including intelligent, multi-sensing,network-connected devices, that can integrate seamlessly with each otherand/or with a central server or a cloud-computing system to provide anyof a variety of useful smart-home objectives. The smart-home environment30 may include one or more intelligent, multi-sensing, network-connectedthermostats 46 (hereinafter referred to as “smart thermostats 46”), oneor more intelligent, network-connected, multi-sensing hazard detectionunits 50 (hereinafter referred to as “smart hazard detectors 50”), andone or more intelligent, multi-sensing, network-connected entrywayinterface devices 52 (hereinafter referred to as “smart doorbells 52”),and one or more intelligent, network-connected door locks 53(hereinafter referred to as “smart door locks 53”). According toembodiments, the smart thermostat 46 may include a Nest®. LearningThermostat—1st Generation T100577 or Nest®. Learning Thermostat—2ndGeneration T200577 by Nest Labs, Inc., among others. The smartthermostat 46 detects ambient climate characteristics (e.g., temperatureand/or humidity) and controls a HVAC system 48 accordingly.

The smart hazard detector 50 may detect the presence of a hazardoussubstance or a substance indicative of a hazardous substance (e.g.,smoke, fire, or carbon monoxide). The smart hazard detector 50 mayinclude a Nest®. Protect that may include sensor(s) 12 such as smokesensors, carbon monoxide sensors, and the like. As such, the hazarddetector 50 may determine when smoke, fire, or carbon monoxide may bepresent within the building.

The smart doorbell 52 may detect a person's approach to or departurefrom a location (e.g., an outer door), control doorbell functionality,announce a person's approach or departure via audio or visual means, orcontrol settings on a security system (e.g., to activate or deactivatethe security system when occupants go and come). The smart doorbell 52may interact with other devices 10 based on whether someone hasapproached or entered the smart-home environment 30. The smart doorlocks 53 may detect and toggle between a locked and unlocked conditionfor doors in the home, detect a person's approach to or departure from arespective door, detect whether a door is open or closed, or othersuitable controls associated with a smart door lock 53.

In some embodiments, the smart-home environment 30 further includes oneor more intelligent, multi-sensing, network-connected wall switches 54(hereinafter referred to as “smart wall switches 54”), along with one ormore intelligent, multi-sensing, network-connected wall plug interfaces56 (hereinafter referred to as “smart wall plugs 56”). The smart wallswitches 54 may detect ambient lighting conditions, detectroom-occupancy states, and control a power and/or dim state of one ormore lights. In some instances, smart wall switches 54 may also controla power state or speed of a fan, such as a ceiling fan. The smart wallplugs 56 may detect occupancy of a room or enclosure and control supplyof power to one or more wall plugs (e.g., such that power is notsupplied to the plug if nobody is at home).

Still further, in some embodiments, the smart home device 10 within thesmart-home environment 30 may further includes a number of intelligent,multi-sensing, network-connected appliances 58 (hereinafter referred toas “smart appliances 58”), such as refrigerators, stoves and/or ovens,televisions, washers, dryers, lights, stereos, intercom systems,garage-door openers, floor fans, ceiling fans, wall air conditioners,pool heaters, irrigation systems, security systems, and so forth.According to embodiments, the network-connected appliances 58 are madecompatible with the smart-home environment by cooperating with therespective manufacturers of the appliances. For example, the appliancescan be space heaters, window AC units, motorized duct vents, etc. Whenplugged in, an appliance can announce itself to the smart-home network,such as by indicating what type of appliance it is, and it canautomatically integrate with the controls of the smart-home. Suchcommunication by the appliance to the smart home can be facilitated byany wired or wireless communication protocols known by those havingordinary skill in the art. The smart home also can include a variety ofnon-communicating legacy appliances 68, such as old conventionalwasher/dryers, refrigerators, and the like which can be controlled,albeit coarsely (ON/OFF), by virtue of the smart wall plugs 56. Thesmart-home environment 30 can further include a variety of partiallycommunicating legacy appliances 70, such as infrared (“IR”) controlledwall air conditioners or other IR-controlled devices, which can becontrolled by IR signals provided by the smart hazard detectors 50 orthe smart wall switches 54.

According to embodiments, the smart thermostats 46, the smart hazarddetectors 50, the smart doorbells 52, the smart door locks 53, the smartwall switches 54, the smart wall plugs 56, and other devices of thesmart-home environment 30 are modular and can be incorporated into olderand new houses. For example, the smart home devices 10 are designedaround a modular platform consisting of two basic components: a headunit and a back plate, which is also referred to as a docking station.Multiple configurations of the docking station are provided so as to becompatible with any home, such as older and newer homes. However, all ofthe docking stations include a standard head-connection arrangement,such that any head unit can be removably attached to any dockingstation. Thus, in some embodiments, the docking stations are interfacesthat serve as physical connections to the structure and the voltagewiring of the homes, and the interchangeable head units contain all ofthe sensor(s) 12, processor(s) 22, user interfaces 14, the power supply16, the network interface 18, and other functional components of thedevices described above.

Many different commercial and functional possibilities for provisioning,maintenance, and upgrade are possible. For example, after years of usingany particular head unit, a user will be able to buy a new version ofthe head unit and simply plug it into the old docking station. There arealso many different versions for the head units, such as low-costversions with few features, and then a progression ofincreasingly-capable versions, up to and including extremely fancy headunits with a large number of features. Thus, it should be appreciatedthat the various versions of the head units can all be interchangeable,with any of them working when placed into any docking station. This canadvantageously encourage sharing and re-deployment of old head units—forexample, when an important high-capability head unit, such as a hazarddetector, is replaced by a new version of the head unit, then the oldhead unit can be re-deployed to a back room or basement, etc. Accordingto embodiments, when first plugged into a docking station, the head unitcan ask the user (by 2D LCD display, 2D/3D holographic projection, voiceinteraction, etc.) a few simple questions such as, “Where am I” and theuser can indicate “living room”, “kitchen” and so forth.

The smart-home environment 30 may also include communication withdevices outside of the physical home but within a proximate geographicalrange of the home. For example, the smart-home environment 30 mayinclude a pool heater monitor 34 that communicates a current pooltemperature to other devices within the smart-home environment 30 orreceives commands for controlling the pool temperature. Similarly, thesmart-home environment 30 may include an irrigation monitor 36 thatcommunicates information regarding irrigation systems within thesmart-home environment 30 and/or receives control information forcontrolling such irrigation systems. According to embodiments, analgorithm is provided for considering the geographic location of thesmart-home environment 30, such as based on the zip code or geographiccoordinates of the home. The geographic information is then used toobtain data helpful for determining optimal times for watering, suchdata may include sun location information, temperature, dewpoint, soiltype of the land on which the home is located, etc.

By virtue of network connectivity, one or more of the smart-home devicesof FIG. 2 can further allow a user to interact with the device even ifthe user is not proximate to the device. For example, a user cancommunicate with a device using a computer (e.g., a desktop computer,laptop computer, or tablet) or other portable electronic device (e.g., asmartphone) 66. A web page or app can be configured to receivecommunications from the user and control the device based on thecommunications and/or to present information about the device'soperation to the user. For example, the user can view a current setpointtemperature for a device and adjust it using a computer. The user can bein the structure during this remote communication or outside thestructure.

As discussed, users can control the smart thermostat and other smartdevices in the smart-home environment 30 using a network-connectedcomputer or portable electronic device 66. In some examples, some or allof the occupants (e.g., individuals who live in the home) can registertheir device 66 with the smart-home environment 30. Such registrationcan be made at a central server to authenticate the occupant and/or thedevice as being associated with the home and to give permission to theoccupant to use the device to control the smart devices in the home. Anoccupant can use their registered device 66 to remotely control thesmart devices of the home, such as when the occupant is at work or onvacation. The occupant may also use their registered device to controlthe smart devices when the occupant is actually located inside the home,such as when the occupant is sitting on a couch inside the home. Itshould be appreciated that instead of or in addition to registeringdevices 66, the smart-home environment 30 makes inferences about whichindividuals live in the home and are therefore occupants and whichdevices 66 are associated with those individuals. As such, thesmart-home environment “learns” who is an occupant and permits thedevices 66 associated with those individuals to control the smartdevices of the home.

In some instances, guests desire to control the smart devices. Forexample, the smart-home environment may receive communication from anunregistered mobile device of an individual inside of the home, wheresaid individual is not recognized as an occupant of the home. Further,for example, a smart-home environment may receive communication from amobile device of an individual who is known to be or who is registeredas a guest.

According to embodiments, a guest-layer of controls can be provided toguests of the smart-home environment 30. The guest-layer of controlsgives guests access to basic controls (e.g., a judicially selectedsubset of features of the smart devices), such as temperatureadjustments, but it locks out other functionalities. The guest layer ofcontrols can be thought of as a “safe sandbox” in which guests havelimited controls, but they do not have access to more advanced controlsthat could fundamentally alter, undermine, damage, or otherwise impairthe occupant-desired operation of the smart devices. For example, theguest layer of controls will not permit the guest to adjust theheat-pump lockout temperature.

A use case example of this is when a guest is in a smart home, the guestcould walk up to the thermostat and turn the dial manually, but theguest may not want to walk around the house “hunting” the thermostat,especially at night while the home is dark and others are sleeping.Further, the guest may not want to go through the hassle of downloadingthe necessary application to their device for remotely controlling thethermostat. In fact, the guest may not have the home owner's logincredentials, etc., and therefore cannot remotely control the thermostatvia such an application. Accordingly, according to embodiments of theinvention, the guest can open a mobile browser on their mobile device,type a keyword, such as “NEST” into the URL field and tap “Go” or“Search”, etc. In response, the device presents the guest with a userinterface which allows the guest to move the target temperature betweena limited range, such as 65 and 80 degrees Fahrenheit. As discussed, theuser interface provides a guest layer of controls that are limited tobasic functions. The guest cannot change the target humidity, modes, orview energy history.

According to embodiments, to enable guests to access the user interfacethat provides the guest layer of controls, a local webserver is providedthat is accessible in the local area network (LAN). It does not requirea password, because physical presence inside the home is establishedreliably enough by the guest's presence on the LAN. In some embodiments,during installation of the smart device, such as the smart thermostat,the home owner is asked if they want to enable a Local Web App (LWA) onthe smart device. Business owners will likely say no; home owners willlikely say yes. When the LWA option is selected, the smart devicebroadcasts to the LAN that the above referenced keyword, such as “NEST”,is now a host alias for its local web server. Thus, no matter whose homea guest goes to, that same keyword (e.g., “NEST”) is always the URL youuse to access the LWA, provided the smart device is purchased from thesame manufacturer. Further, according to embodiments, if there is morethan one smart device on the LAN, the second and subsequent smartdevices do not offer to set up another LWA. Instead, they registerthemselves as target candidates with the master LWA. And in this casethe LWA user would be asked which smart device they want to change thetemperature on before getting the simplified user interface for theparticular smart device they choose.

According to embodiments, a guest layer of controls may also be providedto users by means other than a device 66. For example, the smart device,such as the smart thermostat, may be equipped with walkup-identificationtechnology (e.g., face recognition, RFID, ultrasonic sensors) that“fingerprints” or creates a “signature” for the occupants of the home.The walkup-identification technology can be the same as or similar tothe fingerprinting and signature creating techniques described in othersections of this application. In operation, when a person who does notlive in the home or is otherwise not registered with the smart home orwhose fingerprint or signature is not recognized by the smart home“walks up” to a smart device, the smart device provides the guest withthe guest layer of controls, rather than full controls.

As described below, the smart thermostat 46 and other smart devices“learn” by observing occupant behavior. For example, the smartthermostat learns occupants' preferred temperature set-points formornings and evenings, and it learns when the occupants are asleep orawake, as well as when the occupants are typically away or at home, forexample. According to embodiments, when a guest controls the smartdevices, such as the smart thermostat, the smart devices do not “learn”from the guest. This prevents the guest's adjustments and controls fromaffecting the learned preferences of the occupants.

According to some embodiments, a smart television remote control isprovided. The smart remote control recognizes occupants by thumbprint,visual identification, RFID, etc., and it recognizes a user as a guestor as someone belonging to a particular class having limited control andaccess (e.g., child). Upon recognizing the user as a guest or someonebelonging to a limited class, the smart remote control only permits thatuser to view a subset of channels and to make limited adjustments to thesettings of the television and other devices. For example, a guestcannot adjust the digital video recorder (DVR) settings, and a child islimited to viewing child-appropriate programming.

According to some embodiments, similar controls are provided for otherinstruments, utilities, and devices in the house. For example, sinks,bathtubs, and showers can be controlled by smart spigots that recognizeusers as guests or as children and therefore prevent water fromexceeding a designated temperature that is considered safe.

In some embodiments, in addition to containing processing and sensingcapabilities, each of the smart devices of the home (e.g., 34, 36, 46,50, 52, 53, 54, 56, 58, and/or 66, among any other suitable smartdevices that may be found in the home) (collectively referred to as “thesmart devices”) may be capable of data communications and informationsharing with other of the smart devices, and/or to a central server orcloud-computing system or any other device that is network-connectedanywhere in the world. The data communications can be carried out usingany of a variety of custom or standard wireless protocols (Wi-Fi,ZigBee, 6LoWPAN, etc.) and/or any of a variety of custom or standardwired protocols (CAT6 Ethernet, HomePlug, etc.).

According to embodiments, all or some of the smart devices can serve aswireless or wired repeaters. For example, a first one of the smartdevices can communicate with a second one of the smart device via awireless router 60. The smart devices can further communicate with eachother via a connection to a network, such as the Internet 62. Throughthe Internet 62, the smart devices can communicate with a central serveror a cloud-computing system (device service) 64. The central server orcloud-computing system (device service) 64 can be associated with amanufacturer, support entity, or service provider associated with thedevice. For one embodiment, a user may be able to contact customersupport using a device itself rather than needing to use othercommunication means such as a telephone or Internet-connected computer.Further, software updates can be automatically sent from the centralserver or cloud-computing system (device service) 64 to devices (e.g.,when available, when purchased, or at routine intervals).

According to embodiments, the smart devices combine to create a meshnetwork of spokesman and low-power nodes in the smart-home environment30, where some of the smart devices are “spokesman” nodes and others are“low-powered” nodes. Some of the smart devices in the smart-homeenvironment 30 are battery powered, while others have a regular andreliable power source, such as by connecting to wiring (e.g., to 120Vline voltage wires) behind the walls 40 of the smart-home environment.The smart devices that have a regular and reliable power source arereferred to as “spokesman” nodes. These nodes are equipped with thecapability of using any wireless protocol or manner to facilitatebidirectional communication with any of a variety of other devices inthe smart-home environment 30 as well as with the central server orcloud-computing system (device service) 64. On the other hand, thedevices that are battery powered are referred to as “low-power” nodes.These nodes tend to be smaller than spokesman nodes and can onlycommunicate using wireless protocols that require very little power,such as Zigbee, 6LoWPAN, etc. Further, some, but not all, low-powernodes are incapable of bidirectional communication. These low-powernodes send messages, but they are unable to “listen”. Thus, otherdevices in the smart-home environment 30, such as the spokesman nodes,cannot send information to these low-power nodes.

As described, the smart devices serve as low-power and spokesman nodesto create a mesh network in the smart-home environment 30. Individuallow-power nodes in the smart-home environment regularly send outmessages regarding what they are sensing, and the other low-powerednodes in the smart-home environment—in addition to sending out their ownmessages—repeat the messages, thereby causing the messages to travelfrom node to node (i.e., device to device) throughout the smart-homeenvironment 30. The spokesman nodes in the smart-home environment 30 areable to “drop down” to low-powered communication protocols to receivethese messages, translate the messages to other communication protocols,and send the translated messages to other spokesman nodes and/or thecentral server or cloud-computing system (device service) 64. Thus, thelow-powered nodes using low-power communication protocols are able sendmessages across the entire smart-home environment 30 as well as over theInternet 62 to the central server or cloud-computing system (deviceservice) 64. According to embodiments, the mesh network enables thecentral server or cloud-computing system (device service) 64 toregularly receive data from all of the smart devices in the home, makeinferences based on the data, and send commands back to one of the smartdevices to accomplish some of the smart-home objectives describedherein.

As described, the spokesman nodes and some of the low-powered nodes arecapable of “listening”. Accordingly, users, other devices, and thecentral server or cloud-computing system (device service) 64 cancommunicate controls to the low-powered nodes. For example, a user canuse the portable electronic device (e.g., a smal (phone) 66 to sendcommands over the Internet 62 to the central server or cloud-computingsystem (device service) 64, which then relays the commands to thespokesman nodes in the smart-home environment 30. The spokesman nodesdrop down to a low-power protocol to communicate the commands to thelow-power nodes throughout the smart-home environment, as well as toother spokesman nodes that did not receive the commands directly fromthe central server or cloud-computing system (device service) 64.

An example of a low-power node is a smart night light 65. In addition tohousing a light source, the smart night light 65 houses an occupancysensor, such as an ultrasonic or passive IR sensor, and an ambient lightsensor, such as a photoresistor or a single-pixel sensor that measureslight in the room. In some embodiments, the smart night light 65 isconfigured to activate the light source when its ambient light sensordetects that the room is dark and when its occupancy sensor detects thatsomeone is in the room. In other embodiments, the smart night light 65is simply configured to activate the light source when its ambient lightsensor detects that the room is dark. Further, according to embodiments,the smart night light 65 includes a low-power wireless communicationchip (e.g., ZigBee chip) that regularly sends out messages regarding theoccupancy of the room and the amount of light in the room, includinginstantaneous messages coincident with the occupancy sensor detectingthe presence of a person in the room. As mentioned above, these messagesmay be sent wirelessly, using the mesh network, from node to node (i.e.,smart device to smart device) within the smart-home environment 30 aswell as over the Internet 62 to the central server or cloud-computingsystem (device service) 64.

Other examples of low-powered nodes include battery-operated versions ofthe smart hazard detectors 50. These smart hazard detectors 50 are oftenlocated in an area without access to constant and reliable power and, asdiscussed in detail below, may include any number and type of sensors,such as smoke/fire/heat sensors, carbon monoxide/dioxide sensors,occupancy/motion sensors, ambient light sensors, temperature sensors,humidity sensors, and the like. Furthermore, smart hazard detectors 50can send messages that correspond to each of the respective sensors tothe other devices and the central server or cloud-computing system(device service) 64, such as by using the mesh network as describedabove.

Examples of spokesman nodes include smart thermostats 46, smartdoorbells 52, smart wall switches 54, and smart wall plugs 56. Thesedevices 46, 52, 54, and 56 are often located near and connected to areliable power source, and therefore can include more power-consumingcomponents, such as one or more communication chips capable ofbidirectional communication in any variety of protocols.

In some embodiments, these low-powered and spokesman nodes (e.g.,devices 46, 50, 52, 54, 56, 58, and 65) can function as “tripwires” foran alarm system in the smart-home environment. For example, in the eventa perpetrator circumvents detection by alarm sensors located at windows,doors, and other entry points of the smart-home environment 30, thealarm could be triggered upon receiving an occupancy, motion, heat,sound, etc. message from one or more of the low-powered and spokesmannodes in the mesh network. For example, upon receiving a message from asmart night light 65 indicating the presence of a person, the centralserver or cloud-computing system (device service) 64 or some otherdevice could trigger an alarm, provided the alarm is armed at the timeof detection. Thus, the alarm system could be enhanced by variouslow-powered and spokesman nodes located throughout the smart-homeenvironment 30. In this example, a user could enhance the security ofthe smart-home environment 30 by buying and installing extra smartnightlights 65. However, in a scenario where the perpetrator uses aradio transceiver to jam the wireless network, the smart home devices 10may be incapable of communicating with each other. Therefore, asdiscussed in detail below, the present techniques provide networkcommunication jamming attack detection and notification solutions tosuch a problem.

In some embodiments, the mesh network can be used to automatically turnon and off lights as a person transitions from room to room. Forexample, the low-powered and spokesman nodes detect the person'smovement through the smart-home environment and communicatecorresponding messages through the mesh network. Using the messages thatindicate which rooms are occupied, the central server or cloud-computingsystem (device service) 64 or some other device activates anddeactivates the smart wall switches 54 to automatically provide light asthe person moves from room to room in the smart-home environment 30.Further, users may provide pre-configuration information that indicateswhich smart wall plugs 56 provide power to lamps and other lightsources, such as the smart night light 65. Alternatively, this mappingof light sources to wall plugs 56 can be done automatically (e.g., thesmart wall plugs 56 detect when a light source is plugged into it, andit sends a corresponding message to the central server orcloud-computing system (device service) 64). Using this mappinginformation in combination with messages that indicate which rooms areoccupied, the central server or cloud-computing system (device service)64 or some other device activates and deactivates the smart wall plugs56 that provide power to lamps and other light sources so as to trackthe person's movement and provide light as the person moves from room toroom.

In some embodiments, the mesh network of low-powered and spokesman nodescan be used to provide exit lighting in the event of an emergency. Insome instances, to facilitate this, users provide pre-configurationinformation that indicates exit routes in the smart-home environment 30.For example, for each room in the house, the user provides a map of thebest exit route. It should be appreciated that instead of a userproviding this information, the central server or cloud-computing system(device service) 64 or some other device could automatically determinethe routes using uploaded maps, diagrams, architectural drawings of thesmart-home house, as well as using a map generated based on positionalinformation obtained from the nodes of the mesh network (e.g.,positional information from the devices is used to construct a map ofthe house). In operation, when an alarm is activated (e.g., when one ormore of the smart hazard detector 50 detects smoke and activates analarm), the central server or cloud-computing system (device service) 64or some other device uses occupancy information obtained from thelow-powered and spokesman nodes to determine which rooms are occupiedand then turns on lights (e.g., nightlights 65, wall switches 54, wallplugs 56 that power lamps, etc.) along the exit routes from the occupiedrooms so as to provide emergency exit lighting.

Further included and illustrated in the smart-home environment 30 ofFIG. 2 are service robots 69 each configured to carry out, in anautonomous manner, any of a variety of household tasks. For someembodiments, the service robots 69 can be respectively configured toperform floor sweeping, floor washing, etc. in a manner similar to thatof known commercially available devices such as the ROOMBA™. andSCOOBA™. products sold by iRobot, Inc. of Bedford, Mass. Tasks such asfloor sweeping and floor washing can be considered as “away” or“while-away” tasks for purposes of the instant description, as it isgenerally more desirable for these tasks to be performed when theoccupants are not present. For other embodiments, one or more of theservice robots 69 are configured to perform tasks such as playing musicfor an occupant, serving as a localized thermostat for an occupant,serving as a localized air monitor/purifier for an occupant, serving asa localized baby monitor, serving as a localized hazard detector for anoccupant, and so forth, it being generally more desirable for such tasksto be carried out in the immediate presence of the human occupant. Forpurposes of the instant description, such tasks can be considered as“human-facing” or “human-centric” tasks.

When serving as a localized thermostat for an occupant, a particular oneof the service robots 69 can be considered to be facilitating what canbe called a “personal comfort-area network” for the occupant, with theobjective being to keep the occupant's immediate space at a comfortabletemperature wherever that occupant may be located in the home. This canbe contrasted with conventional wall-mounted room thermostats, whichhave the more attenuated objective of keeping a statically-definedstructural space at a comfortable temperature. According to oneembodiment, the localized-thermostat service robot 69 is configured tomove itself into the immediate presence (e.g., within five feet) of aparticular occupant who has settled into a particular location in thehome (e.g. in the dining room to eat their breakfast and read the news).The localized-thermostat service robot 69 includes a temperature sensor,a processor, and wireless communication components configured such thatcontrol communications with the HVAC system, either directly or througha wall-mounted wirelessly communicating thermostat coupled to the HVACsystem, are maintained and such that the temperature in the immediatevicinity of the occupant is maintained at their desired level. If theoccupant then moves and settles into another location (e.g. to theliving room couch to watch television), the localized-thermostat servicerobot 69 proceeds to move and park itself next to the couch and keepthat particular immediate space at a comfortable temperature.

Technologies by which the localized-thermostat service robot 69 (and/orthe larger smart-home system of FIG. 2) can identify and locate theoccupant whose personal-area space is to be kept at a comfortabletemperature can include, but are not limited to, RFID sensing (e.g.,person having an RFID bracelet, RFID necklace, or RFID key fob),synthetic vision techniques (e.g., video cameras and face recognitionprocessors), audio techniques (e.g., voice, sound pattern, vibrationpattern recognition), ultrasound sensing/imaging techniques, andinfrared or near-field communication (NFC) techniques (e.g., personwearing an infrared or NFC-capable smartphone), along with rules-basedinference engines or artificial intelligence techniques that draw usefulconclusions from the sensed information (e.g., if there is only a singleoccupant present in the home, then that is the person whose immediatespace should be kept at a comfortable temperature, and the selection ofthe desired comfortable temperature should correspond to that occupant'sparticular stored profile).

When serving as a localized air monitor/purifier for an occupant, aparticular service robot 69 can be considered to be facilitating whatcan be called a “personal health-area network” for the occupant, withthe objective being to keep the air quality in the occupant's immediatespace at healthy levels. Alternatively or in conjunction therewith,other health-related functions can be provided, such as monitoring thetemperature or heart rate of the occupant (e.g., using finely remotesensors, near-field communication with on-person monitors, etc.). Whenserving as a localized hazard detector for an occupant, a particularservice robot 69 can be considered to be facilitating what can be calleda “personal safety-area network” for the occupant, with the objectivebeing to ensure there is no excessive carbon monoxide, smoke, fire,etc., in the immediate space of the occupant. Methods analogous to thosedescribed above for personal comfort-area networks in terms of occupantidentifying and tracking are likewise applicable for personalhealth-area network and personal safety-area network embodiments.

According to some embodiments, the above-referenced facilitation ofpersonal comfort-area networks, personal health-area networks, personalsafety-area networks, and/or other such human-facing functionalities ofthe service robots 69, are further enhanced by logical integration withother smart sensors in the home according to rules-based inferencingtechniques or artificial intelligence techniques for achieving betterperformance of those human-facing functionalities and/or for achievingthose goals in energy-conserving or other resource-conserving ways.Thus, for one embodiment relating to personal health-area networks, theair monitor/purifier service robot 69 can be configured to detectwhether a household pet is moving toward the currently settled locationof the occupant (e.g., using on-board sensors and/or by datacommunications with other smart-home sensors along with rules-basedinferencing/artificial intelligence techniques), and if so, the airpurifying rate is immediately increased in preparation for the arrivalof more airborne pet dander. For another embodiment relating to personalsafety-area networks, the hazard detector service robot 69 can beadvised by other smart-home sensors that the temperature and humiditylevels are rising in the kitchen, which is nearby to the occupant'scurrent dining room location, and responsive to this advisory the hazarddetector service robot 69 will temporarily raise a hazard detectionthreshold, such as a smoke detection threshold, under an inference thatany small increases in ambient smoke levels will most likely be due tocooking activity and not due to a genuinely hazardous condition.

The above-described “human-facing” and “away” functionalities can beprovided, without limitation, by multiple distinct service robots 69having respective dedicated ones of such functionalities, by a singleservice robot 69 having an integration of two or more different ones ofsuch functionalities, and/or any combinations thereof (including theability for a single service robot 69 to have both “away” and “humanfacing” functionalities) without departing from the scope of the presentteachings. Electrical power can be provided by virtue of rechargeablebatteries or other rechargeable methods, such as an out-of-the-waydocking station to which the service robots 69 will automatically dockand recharge its batteries (if needed) during periods of inactivity.Preferably, each service robot 69 includes wireless communicationcomponents that facilitate data communications with one or more of theother wirelessly communicating smart-home sensors of FIG. 2 and/or withone or more other service robots 69 (e.g., using Wi-Fi, Zigbee, Z-Wave,6LoWPAN, etc.), and one or more of the smart-home devices 10 can be incommunication with a remote server over the Internet. Alternatively orin conjunction therewith, each service robot 69 can be configured tocommunicate directly with a remote server by virtue of cellulartelephone communications, satellite communications, 3G/4G network datacommunications, or other direct communication method.

Provided according to some embodiments are systems and methods relatingto the integration of the service robot(s) 69 with home security sensorsand related functionalities of the smart home system. The embodimentsare particularly applicable and advantageous when applied for thoseservice robots 69 that perform “away” functionalities or that otherwiseare desirable to be active when the home is unoccupied (hereinafter“away-service robots”). Included in the embodiments are methods andsystems for ensuring that home security systems, intrusion detectionsystems, and/or occupancy-sensitive environmental control systems (forexample, occupancy-sensitive automated setback thermostats that enterinto a lower-energy-using condition when the home is unoccupied) are noterroneously triggered by the away-service robots.

Provided according to one embodiment is a home automation and securitysystem (e.g., as shown in FIG. 2) that is remotely monitored by amonitoring service by virtue of automated systems (e.g., cloud-basedservers or other central servers, hereinafter “central server”) that arein data communications with one or more network-connected elements ofthe home automation and security system. The away-service robots areconfigured to be in operative data communication with the centralserver, and are configured such that they remain in a non-away-servicestate (e.g., a dormant state at their docking station) unless permissionis granted from the central server (e.g., by virtue of an“away-service-OK” message from the central server) to commence theiraway-service activities. An away-state determination made by the system,which can be arrived at (i) exclusively by local on-premises smartdevice(s) based on occupancy sensor data, (ii) exclusively by thecentral server based on received occupancy sensor data and/or based onreceived proximity-related information such as GPS coordinates from usersmartphones or automobiles, or (iii) any combination of (i) and (ii) canthen trigger the granting of away-service permission to the away-servicerobots by the central server. During the course of the away-servicerobot activity, during which the away-service robots may continuouslydetect and send their in-home location coordinates to the centralserver, the central server can readily filter signals from the occupancysensing devices to distinguish between the away-service robot activityversus any unexpected intrusion activity, thereby avoiding a falseintrusion alarm condition while also ensuring that the home is secure.Alternatively or in conjunction therewith, the central server mayprovide filtering data (such as an expected occupancy-sensing profiletriggered by the away-service robots) to the occupancy sensing nodes orassociated processing nodes of the smart home, such that the filteringis performed at the local level. Although somewhat less secure, it wouldalso be within the scope of the present teachings for the central serverto temporarily disable the occupancy sensing equipment for the durationof the away-service robot activity.

According to another embodiment, functionality similar to that of thecentral server in the above example can be performed by an on-sitecomputing device such as a dedicated server computer, a “master” homeautomation console or panel, or as an adjunct function of one or more ofthe smart-home devices of FIG. 2. In such an embodiment, there would beno dependency on a remote service provider to provide the“away-service-OK” permission to the away-service robots and thefalse-alarm-avoidance filtering service or filter information for thesensed intrusion detection signals.

According to other embodiments, there are provided methods and systemsfor implementing away-service robot functionality while avoiding falsehome security alarms and false occupancy-sensitive environmentalcontrols without the requirement of a single overall event orchestrator.For purposes of the simplicity in the present disclosure, the homesecurity systems and/or occupancy-sensitive environmental controls thatwould be triggered by the motion, noise, vibrations, or otherdisturbances of the away-service robot activity are referenced simply as“activity sensing systems,” and when so triggered will yield a“disturbance-detected” outcome representative of the false trigger (forexample, an alarm message to a security service, or an “arrival”determination for an automated setback thermostat that causes the hometo be heated or cooled to a more comfortable “occupied” setpointtemperature). According to one embodiment, the away-service robots areconfigured to emit a standard ultrasonic sound throughout the course oftheir away-service activity, the activity sensing systems are configuredto detect that standard ultrasonic sound, and the activity sensingsystems are further configured such that no disturbance-detected outcomewill occur for as long as that standard ultrasonic sound is detected.For other embodiments, the away-service robots are configured to emit astandard notification signal throughout the course of their away-serviceactivity, the activity sensing systems are configured to detect thatstandard notification signal, and the activity sensing systems arefurther configured such that no disturbance-detected outcome will occurfor as long as that standard notification signal is detected, whereinthe standard notification signal comprises one or more of: an opticalnotifying signal; an audible notifying signal; an infrared notifyingsignal; an infrasonic notifying signal; a wirelessly transmitted datanotification signal (e.g., an IP broadcast, multicast, or unicastnotification signal, or a notification message sent in an TCP/IP two-waycommunication session).

According to some embodiments, the notification signals sent by theaway-service robots to the activity sensing systems are authenticatedand encrypted such that the notifications cannot be learned andreplicated by a potential burglar. Any of a variety of knownencryption/authentication schemes can be used to ensure such datasecurity including, but not limited to, methods involving third partydata security services or certificate authorities. For some embodiments,a permission request-response model can be used, wherein any particularaway-service robot requests permission from each activity sensing systemin the home when it is ready to perform its away-service tasks, and doesnot initiate such activity until receiving a “yes” or “permissiongranted” message from each activity sensing system (or from a singleactivity sensing system serving as a “spokesman” for all of the activitysensing systems). One advantage of the described embodiments that do notrequire a central event orchestrator is that there can (optionally) bemore of an arms-length relationship between the supplier(s) of the homesecurity/environmental control equipment, on the one hand, and thesupplier(s) of the away-service robot(s), on the other hand, as it isonly required that there is the described standard one-way notificationprotocol or the described standard two-way request/permission protocolto be agreed upon by the respective suppliers.

According to still other embodiments, the activity sensing systems areconfigured to detect sounds, vibrations, RF emissions, or otherdetectable environmental signals or “signatures” that are intrinsicallyassociated with the away-service activity of each away-service robot,and are further configured such that no disturbance-detected outcomewill occur for as long as that particular detectable signal orenvironmental “signature” is detected. By way of example, a particularkind of vacuum-cleaning away-service robot may emit a specific sound orRF signature. For one embodiment, the away-service environmentalsignatures for each of a number of known away-service robots are storedin the memory of the activity sensing systems based on empiricallycollected data, the environmental signatures being supplied with theactivity sensing systems and periodically updated by a remote updateserver. For another embodiment, the activity sensing systems can beplaced into a “training mode” for the particular home in which they areinstalled, wherein they “listen” and “learn” the particularenvironmental signatures of the away-service robots for that home duringthat training session, and thereafter will suppress disturbance-detectedoutcomes for intervals in which those environmental signatures areheard.

For still another embodiment, which is particularly useful when theactivity sensing system is associated with occupancy-sensitiveenvironmental control equipment rather than a home security system, theactivity sensing system is configured to automatically learn theenvironmental signatures for the away-service robots by virtue ofautomatically performing correlations over time between detectedenvironmental signatures and detected occupancy activity. By way ofexample, for one embodiment an intelligent automatednonoccupancy-triggered setback thermostat such as the Nest LearningThermostat can be configured to constantly monitor for audible and RFactivity as well as to perform infrared-based occupancy detection. Inparticular view of the fact that the environmental signature of theaway-service robot will remain relatively constant from event to event,and in view of the fact that the away-service events will likely either(a) themselves be triggered by some sort of nonoccupancy condition asmeasured by the away-service robots themselves, or (b) occur at regulartimes of day, there will be patterns in the collected data by which theevents themselves will become apparent and for which the environmentalsignatures can be readily learned. Generally speaking, for thisautomatic-learning embodiment in which the environmental signatures ofthe away-service robots are automatically learned without requiring userinteraction, it is more preferable that a certain number of falsetriggers be tolerable over the course of the learning process.Accordingly, this automatic-learning embodiment is more preferable forapplication in occupancy-sensitive environmental control equipment (suchas an automated setback thermostat) rather than home security systemsfor the reason that a few false occupancy determinations may cause a fewinstances of unnecessary heating or cooling, but will not otherwise haveany serious consequences, whereas false home security alarms may havemore serious consequences.

According to embodiments, technologies including the sensors of thesmart devices located in the mesh network of the smart-home environmentin combination with rules-based inference engines or artificialintelligence provided at the central server or cloud-computing system(device service) 64 are used to provide a personal “smart alarm clock”for individual occupants of the home. For example, user-occupants cancommunicate with the central server or cloud-computing system (deviceservice) 64 via their mobile devices 66 to access an interface for thesmart alarm clock. There, occupants can turn on their “smart alarmclock” and input a wake time for the next day and/or for additionaldays. In some embodiments, the occupant may have the option of setting aspecific wake time for each day of the week, as well as the option ofsetting some or all of the inputted wake times to “repeat”. Artificialintelligence will be used to consider the occupant's response to thesealarms when they go off and make inferences about the user's preferredsleep patterns over time.

According to embodiments, the smart device in the smart-home environment30 that happens to be closest to the occupant when the occupant fallsasleep will be the device that transmits messages regarding when theoccupant stopped moving, from which the central server orcloud-computing system (device service) 64 will make inferences aboutwhere and when the occupant prefers to sleep. This closest smart devicewill as be the device that sounds the alarm to wake the occupant. Inthis manner, the “smart alarm clock” will follow the occupant throughoutthe house, by tracking the individual occupants based on their “uniquesignature”, which is determined based on data obtained from sensorslocated in the smart devices. For example, the sensors includeultrasonic sensors, passive IR sensors, and the like. The uniquesignature is based on a combination of walking gate, patterns ofmovement, voice, height, size, etc. It should be appreciated that facialrecognition may also be used.

According to an embodiment, the wake times associated with the “smartalarm clock” are used by the smart thermostat 46 to control the HVAC inan efficient manner so as to pre-heat or cool the house to theoccupant's desired “sleeping” and “awake” temperature settings. Thepreferred settings can be learned over time, such as by observing whichtemperature the occupant sets the thermostat to before going to sleepand which temperature the occupant sets the thermostat to upon wakingup.

According to an embodiment, a device is positioned proximate to theoccupant's bed, such as on an adjacent nightstand, and collects data asthe occupant sleeps using noise sensors, motion sensors (e.g.,ultrasonic, IR, and optical), etc. Data may be obtained by the othersmart devices in the room as well. Such data may include the occupant'sbreathing patterns, heart rate, movement, etc. Inferences are made basedon this data in combination with data that indicates when the occupantactually wakes up. For example, if—on a regular basis—the occupant'sheart rate, breathing, and moving all increase by 5% to 10%, twenty tothirty minutes before the occupant wakes up each morning, thenpredictions can be made regarding when the occupant is going to wake.Other devices in the home can use these predictions to provide othersmart-home objectives, such as adjusting the smart thermostat 46 so asto pre-heat or cool the home to the occupant's desired setting beforethe occupant wakes up. Further, these predictions can be used to set the“smart alarm clock” for the occupant, to turn on lights, etc.

According to embodiments, technologies including the sensors of thesmart devices located throughout the smart-home environment incombination with rules-based inference engines or artificialintelligence provided at the central server or cloud-computing system(device service) 64 are used to detect or monitor the progress ofAlzheimer's Disease. For example, the unique signatures of the occupantsare used to track the individual occupants' movement throughout thesmart-home environment 30. This data can be aggregated and analyzed toidentify patterns indicative of Alzheimer's. Oftentimes, individualswith Alzheimer's have distinctive patterns of migration in their homes.For example, a person will walk to the kitchen and stand there for awhile, then to the living room and stand there for a while, and thenback to the kitchen. This pattern will take about thirty minutes, andthen the person will repeat the pattern. According to embodiments, theremote servers or cloud computing architectures 64 analyze the person'smigration data collected by the mesh network of the smart-homeenvironment to identify such patterns.

In addition, FIG. 3 illustrates an embodiment of an extensible devicesand services platform 80 that can be concentrated at a single server ordistributed among several different computing entities withoutlimitation with respect to the smart-home environment 30. The extensibledevices and services platform 80 may include a processing engine 86,which may include engines that receive data from devices of smart-homeenvironments (e.g., via the Internet or a hubbed network), to index thedata, to analyze the data and/or to generate statistics based on theanalysis or as part of the analysis. The analyzed data can be stored asderived home data 88.

Results of the analysis or statistics can thereafter be transmitted backto the device that provided home data used to derive the results, toother devices, to a server providing a web page to a user of the device,or to other non-device entities. For example, use statistics, usestatistics relative to use of other devices, use patterns, and/orstatistics summarizing sensor readings can be generated by theprocessing engine 86 and transmitted. The results or statistics can beprovided via the Internet 62. In this manner, the processing engine 86can be configured and programmed to derive a variety of usefulinformation from the home data 82. A single server can include one ormore engines.

The derived data can be highly beneficial at a variety of differentgranularities for a variety of useful purposes, ranging from explicitprogrammed control of the devices on a per-home, per-neighborhood, orper-region basis (for example, demand-response programs for electricalutilities), to the generation of inferential abstractions that canassist on a per-home basis (for example, an inference can be drawn thatthe homeowner has left for vacation and so security detection equipmentcan be put on heightened sensitivity), to the generation of statisticsand associated inferential abstractions that can be used for governmentor charitable purposes. For example, processing engine 86 can generatestatistics about device usage across a population of devices and sendthe statistics to device users, service providers or other entities(e.g., that have requested or may have provided monetary compensationfor the statistics).

According to some embodiments, the home data 82, the derived home data88, and/or another data can be used to create “automated neighborhoodsafety networks.” For example, in the event the central server orcloud-computing architecture 64 receives data indicating that aparticular home has been broken into, is experiencing a fire, or someother type of emergency event, an alarm is sent to other smart homes inthe “neighborhood.” In some instances, the central server orcloud-computing architecture 64 automatically identifies smart homeswithin a radius of the home experiencing the emergency and sends analarm to the identified homes. In such instances, the other homes in the“neighborhood” do not have to sign up for or register to be a part of asafety network, but instead are notified of an emergency based on theirproximity to the location of the emergency. This creates robust andevolving neighborhood security watch networks, such that if one person'shome is getting broken into, an alarm can be sent to nearby homes, suchas by audio announcements via the smart devices located in those homes.It should be appreciated that this can be an opt-in service and that, inaddition to or instead of the central server or cloud-computingarchitecture 64 selecting which homes to send alerts to, individuals cansubscribe to participate in such networks and individuals can specifywhich homes they want to receive alerts from. This can include, forexample, the homes of family members who live in different cities, suchthat individuals can receive alerts when their loved ones in otherlocations are experiencing an emergency.

According to some embodiments, sound, vibration, and/or motion sensingcomponents of the smart devices are used to detect sound, vibration,and/or motion created by running water. Based on the detected sound,vibration, and/or motion, the central server or cloud-computingarchitecture 64 makes inferences about water usage in the home andprovides related services. For example, the central server orcloud-computing architecture 64 can run programs/algorithms thatrecognize what water sounds like and when it is running in the home.According to one embodiment, to map the various water sources of thehome, upon detecting running water, the central server orcloud-computing architecture 64 sends a message an occupant's mobiledevice asking if water is currently running or if water has beenrecently run in the home and, if so, which room and whichwater-consumption appliance (e.g., sink, shower, toilet, etc.) was thesource of the water. This enables the central server or cloud-computingarchitecture 64 to determine the “signature” or “fingerprint” of eachwater source in the home. This is sometimes referred to herein as “audiofingerprinting water usage.”

In one illustrative example, the central server or cloud-computingarchitecture 64 creates a signature for the toilet in the masterbathroom, and whenever that toilet is flushed, the central server orcloud-computing architecture 64 will know that the water usage at thattime is associated with that toilet. Thus, the central server orcloud-computing architecture 64 can track the water usage of that toiletas well as each water-consumption application in the home. Thisinformation can be correlated to water bills or smart water meters so asto provide users with a breakdown of their water usage.

According to some embodiments, sound, vibration, and/or motion sensingcomponents of the smart devices are used to detect sound, vibration,and/or motion created by mice and other rodents as well as by termites,cockroaches, and other insects (collectively referred to as “pests”).Based on the detected sound, vibration, and/or motion, the centralserver or cloud-computing architecture 64 makes inferences aboutpest-detection in the home and provides related services. For example,the central server or cloud-computing architecture 64 can runprograms/algorithms that recognize what certain pests sound like, howthey move, and/or the vibration they create, individually and/orcollectively. According to one embodiment, the central server orcloud-computing architecture 64 can determine the “signatures” ofparticular types of pests.

For example, in the event the central server or cloud-computingarchitecture 64 detects sounds that may be associated with pests, itnotifies the occupants of such sounds and suggests hiring a pest controlcompany. If it is confirmed that pests are indeed present, the occupantsinput to the central server or cloud-computing architecture 64 confirmsthat its detection was correct, along with details regarding theidentified pests, such as name, type, description, location, quantity,etc. This enables the central server or cloud-computing architecture 64to “tune” itself for better detection and create “signatures” or“fingerprints” for specific types of pests. For example, the centralserver or cloud-computing architecture 64 can use the tuning as well asthe signatures and fingerprints to detect pests in other homes, such asnearby homes that may be experiencing problems with the same pests.Further, for example, in the event that two or more homes in a“neighborhood” are experiencing problems with the same or similar typesof pests, the central server or cloud-computing architecture 64 can makeinferences that nearby homes may also have such problems or may besusceptible to having such problems, and it can send warning messages tothose homes to help facilitate early detection and prevention.

In some embodiments, to encourage innovation and research and toincrease products and services available to users, the devices andservices platform 80 expose a range of application programminginterfaces (APIs) 90 to third parties, such as charities 94,governmental entities 96 (e.g., the Food and Drug Administration or theEnvironmental Protection Agency), academic institutions 98 (e.g.,university researchers), businesses 100 (e.g., providing devicewarranties or service to related equipment, targeting advertisementsbased on home data), utility companies 102, and other third parties. TheAPIs 90 are coupled to and permit third-party systems to communicatewith the central server or the cloud-computing system (device service)64, including the services 84, the processing engine 86, the home data82, and the derived home data 88. For example, the APIs 90 allowapplications executed by the third parties to initiate specific dataprocessing tasks that are executed by the central server or thecloud-computing system (device service) 64, as well as to receivedynamic updates to the home data 82 and the derived home data 88.

For example, third parties can develop programs and/or applications,such as web or mobile apps, that integrate with the central server orthe cloud-computing system (device service) 64 to provide services andinformation to users. Such programs and application may be, for example,designed to help users reduce energy consumption, to preemptivelyservice faulty equipment, to prepare for high service demands, to trackpast service performance, etc., or to perform any of a variety ofbeneficial functions or tasks now known or hereinafter developed. Toensure the continued proper functioning of the smart home devices 10that these programs and/or applications interact with,device-state-based message limiting may be employed based on variousoperation status parameters (e.g., a current battery level, chargingrate, device age, planned device lifespan, recent wireless usage,internal temperature, and/or the operation status parameters of otherconnected devices 10 that are being used to access the target smart homedevice 10).

According to some embodiments, third-party applications make inferencesfrom the home data 82 and the derived home data 88, such inferences mayinclude when occupants are home, when they are sleeping, when they arecooking, when they are in the den watching television, and when they areshowering. The answers to these questions may help third-parties benefitconsumers by providing them with interesting information, products andservices as well as with providing them with targeted advertisements.

In one example, a shipping company creates an application that makesinferences regarding when people are at home. The application uses theinferences to schedule deliveries for times when people will most likelybe at home. The application can also build delivery routes around thesescheduled times. This reduces the number of instances where the shippingcompany has to make multiple attempts to deliver packages, and itreduces the number of times consumers have to pick up their packagesfrom the shipping company.

In another example, a car company may develop a car navigationapplication that can determine an estimated time of arrival (ETA) to ahome. The application may continually update a device service throughthe APIs associated with the

To further illustrate, FIG. 4 describes an abstracted functional view110 of the extensible devices and services platform 80 of FIG. 3, withparticular reference to the processing engine 86 as well as devices,such as those of the smart-home environment 30 of FIG. 2. Even thoughdevices situated in smart-home environments will have an endless varietyof different individual capabilities and limitations, they can all bethought of as sharing common characteristics in that each of them is adata consumer 112 (DC), a data source 114 (DS), a services consumer 116(SC), and a services source 118 (SS). Advantageously, in addition toproviding the essential control information needed for the devices toachieve their local and immediate objectives, the extensible devices andservices platform 80 can also be configured to harness the large amountof data that is flowing out of these devices. In addition to enhancingor optimizing the actual operation of the devices themselves withrespect to their immediate functions, the extensible devices andservices platform 80 can be directed to “repurposing” that data in avariety of automated, extensible, flexible, and/or scalable ways toachieve a variety of useful objectives. These objectives may bepredefined or adaptively identified based on, e.g., usage patterns,device efficiency, and/or user input (e.g., requesting specificfunctionality).

For example, FIG. 4 shows processing engine 86 as including a number ofparadigms 120. Processing engine 86 can include a managed servicesparadigm 120 a that monitors and manages primary or secondary devicefunctions. The device functions can include ensuring proper operation ofa device given user inputs, estimating that (e.g., and responding to aninstance in which) an intruder is or is attempting to be in a dwelling,detecting a failure of equipment coupled to the device (e.g., a lightbulb having burned out), implementing or otherwise responding to energydemand response events, or alerting a user of a current or predictedfuture event or characteristic. Processing engine 86 can further includean advertising/communication paradigm 120 b that estimatescharacteristics (e.g., demographic information), desires and/or productsof interest of a user based on device usage. Services, promotions,products or upgrades can then be offered or automatically provided tothe user. Processing engine 86 can further include a social paradigm 120c that uses information from a social network, provides information to asocial network (for example, based on device usage), and/or processesdata associated with user and/or device interactions with the socialnetwork platform. For example, a user's status as reported to theirtrusted contacts on the social network could be updated to indicate whenthey are home based on light detection, security system inactivation ordevice usage detectors. As another example, a user may be able to sharedevice-usage statistics with other users. In yet another example, a usermay share HVAC settings that result in low power bills and other usersmay download the HVAC settings to their smart thermostat 46 to reducetheir power bills.

The processing engine 86 can include achallenges/rules/compliance/rewards paradigm 120 d that informs a userof challenges, competitions, rules, compliance regulations and/orrewards and/or that uses operation data to determine whether a challengehas been met, a rule or regulation has been complied with and/or areward has been earned. The challenges, rules or regulations can relateto efforts to conserve energy, to live safely (e.g., reducing exposureto toxins or carcinogens), to conserve money and/or equipment life, toimprove health, etc. For example, one challenge may involve participantsturning down their thermostat by one degree for one week. Those thatsuccessfully complete the challenge are rewarded, such as by coupons,virtual currency, status, etc. Regarding compliance, an example involvesa rental-property owner making a rule that no renters are permitted toaccess certain owner's rooms. The devices in the room having occupancysensors could send updates to the owner when the room is accessed.

The processing engine 86 can integrate or otherwise utilize extrinsicinformation 122 from extrinsic sources to improve the functioning of oneor more processing paradigms. Extrinsic information 122 can be used tointerpret data received from a device, to determine a characteristic ofthe environment near the device (e.g., outside a structure that thedevice is enclosed in), to determine services or products available tothe user, to identify a social network or social-network information, todetermine contact information of entities (e.g., public-service entitiessuch as an emergency-response team, the police or a hospital) near thedevice, etc., to identify statistical or environmental conditions,trends or other information associated with a home or neighborhood, andso forth.

An extraordinary range and variety of benefits can be brought about by,and fit within the scope of, the described extensible devices andservices platform 80, ranging from the ordinary to the profound. Thus,in one “ordinary” example, each bedroom of the smart-home environment 30can be provided with a smart wall switch 54, a smart wall plug 56,and/or smart hazard detectors 50, all or some of which include anoccupancy sensor, wherein the occupancy sensor is also capable ofinferring (e.g., by virtue of motion detection, facial recognition,audible sound patterns, etc.) whether the occupant is asleep or awake.If a serious fire event is sensed, the remote security/monitoringservice or fire department is advised of how many occupants there are ineach bedroom, and whether those occupants are still asleep (or immobile)or whether they have properly evacuated the bedroom. While this is, ofcourse, a very advantageous capability accommodated by the describedextensible devices and services platform 80, there can be substantiallymore “profound” examples that can truly illustrate the potential of alarger “intelligence” that can be made available. By way of perhaps amore “profound” example, the same bedroom occupancy data that is beingused for fire safety can also be “repurposed” by the processing engine86 in the context of a social paradigm of neighborhood child developmentand education. Thus, for example, the same bedroom occupancy and motiondata discussed in the “ordinary” example can be collected and madeavailable (properly anonymized) for processing in which the sleeppatterns of schoolchildren in a particular ZIP code can be identifiedand tracked. Localized variations in the sleeping patterns of theschoolchildren may be identified and correlated, for example, todifferent nutrition programs in local schools.

Device-State-Based Message Limiting

Although third-party programs, applications, and/or application servicesmay be used to communicate requests or commands to the smart homedevices 10, in some embodiments these may not be sent directly to thesmart home devices 10. Indeed, doing so in an unrestricted fashion couldreduce the desired functionally of the smart home devices 10 in somecircumstances. For example, the battery may drain too quickly and/or theinternal temperature of the electronic device may become so high thatcertain functionalities of the smart home device 10 may become inhibited(e.g., if a thermostat has too high an internal temperature, it may havedifficulties determining the temperature of its environment). As such,as shown by a message limiting system 140 of FIG. 5, the smart homedevices 10 may be accessed via a cloud service in a rule-based,rate-limited and/or device-state-based manner to preserve their properfunctionality. Moreover, although the smart home devices 10 have beenused by way of example, any other suitable type of electronic devicesmay be communicated with and/or controlled in the manner of thisdisclosure.

As illustrated in FIG. 5, a person may desire to access a number ofsmart home devices 10, such as a first smart home device 10A and secondsmart home devices 10B. In the example of FIG. 5, the first smart homedevice 10A is an example of a smart thermostat, such as the Nest®.Learning Thermostat by Nest Labs, Inc. (a company of Google, Inc.), andthe second smart home devices 10B are examples of smart hazarddetectors, such as the Nest®. Protect by Nest Labs, Inc. Two applicationprograms are shown accessing the smart home devices 10A and/or 10Bthrough the device service 64. Although FIG. 5 illustrates accessing thesmart home devices 10A and/or 10B using two separate applicationprograms, it should be appreciated that any suitable number ofapplication programs may be used to access the smart home devices 10Aand/or 10B. Moreover, it should be appreciated that the example of FIG.5 is not intended to list every component that may be present in such asystem to provide third-party access to target electronic devices suchas the smart home devices 10.

In the example of FIG. 5, a first application 142 sends a first devicerequest message 144 targeted to a smart home device 10 (e.g., the smarthome device 10A) into cloud service(s) 145 and, more specifically, to afirst application service 146. A second application 148 may be used toissue a second device request message 150 targeted to a smart homedevice 10 (e.g., the smart home device 10A) to a second applicationservice 152 also among the cloud service(s) 145. In the example shown,the first application 142 is a navigation application that sendsestimated-time-of-arrival (ETA) information in the device requestmessages 144. By sending a number of ETA messages as the device requestmessages 144, the first application 142 may be used to cause the smarthome devices 10A and/or 10B to be prepared when a person arrives home.Thus, as an example, the first application 142 may send occasionaldevice request messages 144 indicating the ETA to the first applicationservice 146, which may forward this information to the device service 64(e.g., via an API, as discussed above). The device service 64 may holdthe device request messages 144 from the first application 142 until anappropriate time. In the illustrated example, the second application 148may be a third-party home-automation application that may be running ona portable electronic device, such as a personal mobile device. Thesecond application 148 may generate device request messages 150, such ascommands to control or request information from the smart home devices10A and/or 10B. The second application service 152 may interface withthe device service 64 by way of an API, as mentioned above.

Although the first application service 146, the second applicationservice 152, and the device service 64 are illustrated in FIG. 5 ascloud service(s) 145, it may appreciated that some or all of theseservices may run on electronic devices that are not remotecloud-computer systems accessible by way of the Internet. Indeed, insome examples, the device service 64 may not be on a network that isremote from the smart home devices 10A and/or 10B, but rather may berunning on an electronic device in the same local area network as thesmart home devices 10A and/or 10B. For example, the device service 64may, additionally or alternatively, run on a local server computerand/or a local wireless router on the same local area network as thesmart home devices 10A and/or 10B. Moreover, some applications maycommunicate directly with the device service 64 (e.g., via the API)rather than communicating through an application service such as thefirst application service 146 or the second application service 152.

Regardless of the number of applications that may issue device requestmessages (e.g., 144 or 150) to the device service 64, the device service64 may not merely forward these messages to the smart home devices 10Aand/or 10B that the device request messages are targeted too. Rather,the device service 64 may serve as the point of contact that third-partyapplication programs may use to access the smart home devices 10A and/or10B. The device service 64 then may communicate information and/orcommands provided by the applications to the smart home devices 10Aand/or 10B in a limited manner. This may reduce the risk that operationof the devices 10A and/or 10B is negatively impacted as a result ofaccess to those devices being provided to third partyapplications/devices. Moreover, as will be discussed further below, thedevice service 64 may include a rule-based rate-limiting component 153to prevent messages having certain parameters (e.g., deriving from aparticular instance of an application and/or from a particular user)from overwhelming the device service 64 and/or the smart home electronicdevices 10. The device service 64 may also include a device-state-basedmessage limiting component 154, which may cause request messages to beprovided to target electronic devices 10 in a way that does notsubstantially negatively impact the operation of the target electronicdevices 10.

In some embodiments, to assist the device service 64 in makingmessage-limiting decisions, the smart home devices 10A and/or 10B mayoccasionally transmit device operation status parameters 156 to thedevice service 64. The device service 64 may use the device operationstatus parameters 156 to determine when a message may be acceptablyprovided to a target electronic device 10 that would reduce the risk ofthe operation of the smart home devices 10A and/or 10B being negativelyimpacted as a result of the first and second applications accessingthose devices. In one example to be discussed further below, the deviceservice 64 may determine whether or not to provide a device updatesignal 158 based at least partly on the device operation statusparameters 156. For example, the device service 64 may limitcommunication sessions with the smart home devices 10A and/or 10B toprevent a battery level of the smart home devices 10A and/or 10B fromdropping so low that the smart home device 10A and/or 10B is more likelyto malfunction. It should be appreciated that while the device updatesignal 158 may be a communication in which the first and/or secondapplication request updates to a status or operation of the smart homedevices 10A and/or 10B, embodiments are not so limited. That is, messagelimiting may be applied to all communications desired to be sent to thesmart home devices by the cloud services on behalf of the first and/orsecond application services, and may include requests for information(e.g., requests for a status of the smart home devices) or other typesof communication.

The device operation status parameters 156 may correspond only to atarget smart home device 10 (e.g., the smart home device 10A), or maycorrespond to other smart home devices 10 that are in the vicinity ofthe target smart home device 10 (e.g., the smart home device 10A and thesmart home devices 10B). In one example, when the target smart homedevice 10 for the device request messages 144 and/or 150 are the smarthome device 10A, the device operation status parameters 156 maycorrespond substantially only to the smart home device 10A. In anotherexample, when the target smart home device 10 is one of the smart homedevices 10B, which is accessible by way of the smart home device 10A,the device operation status parameters 156 may contain operationalparameter information about both the smart home device 10A and the smarthome device 10B.

Before continuing, an alternative embodiment will be briefly discussed.Specifically, the smart home devices 10A and/or 10B may not provide thedevice operation status parameters 156 to the device service 64 for thepurposes of assisting the device service 64 in performing the messagelimiting logic discussed herein. Instead, the smart home devices 10Aand/or 10B may themselves determine (and use) an appropriate amount ofmessage limiting using the device operation status parameters 156. Doingso may not necessarily reduce the amount of communication that takesplace between the smart home devices 10A and/or 10B and the deviceservice 64, but may still achieve reductions in processing by and thuspower consumption by the smart home devices 10A and/or 10B. Suchself-management of incoming communications from third partyapplications/devices may be implemented in one or more of a number offashions. For example, in one embodiment, the smart home device 10A mayinclude both high and lower power wireless transceivers, as well as oneor more processors. The device may typically operate in a low power modewhere, e.g., the processor(s) are effectively inoperative, the highpower transceiver is inoperative, and the low power transceiver is in alistening mode. The message-limiting logic may be incorporated into thelow power transceiver and/or a low power processor associated with thelow power transceiver. When a communication from a third partyapplication/device is received, the low power transceiver and/or lowpower processor may apply the message-limiting logic to those incomingcommunications and decide whether to consume those communications (e.g.,wake-up a high power processor to process and/or respond to thosecommunications) based on that message limiting logic. It should beappreciated that although the smart home devices 10A and/or 10B maydetermine how to control consumption of communications, in someembodiments the smart home devices 10A and/or 10B may determine when tolimit communication and provide an indication of such to the deviceservice 64 (with or without the device operation status parameters 156)to allow the device service 64 to manage when to provide update signalsto the devices 10.

In any case, the device operation status parameters 156 may representany suitable characteristics of the operation status of the smart homedevices 10A and/or 10B that may affect the proper functioning of thesmart home devices 10A and/or 10B. Thus, the device operation statusparameters 156 may include, for example: a battery level 159 indicativeof an amount of charge remaining in a battery of the smart home device;a charging rate 160 indicative of a current rate that the battery of thesmart home device is charging; a current device age 161 indicative of aperiod of use since initial install, a period of use since manufacture,a period of use since original sale, etc.; a planned lifespan 162indicative of an expected useful operational duration of the smart homedevice; an amount of recent wireless use 163 (selected within a timespanrecent enough to substantially affect an internal temperature of thesmart home device 10); a direct measurement of an internal devicetemperature 164; and/or device operation status parameters for connecteddevices 165. The operational status parameters for connected devices 165may represent any suitable operational parameters that may describe thesmart home devices 10 (e.g., smart home device 10A) through which thedevice service 64 may use to connect to a target smart home device 10(e.g., one of the smart home devices 10B). For example, regarding theoperational status parameters for connected devices 165, if the targetsmart home device 10 is the last smart home device 10B through threesmart home devices 10 in three communication “hops”, the deviceoperation status parameters 156 associated with these three interveningsmart home devices 10 may be included. This may allow the device service64 to limit communication to the final node in a mesh network of smarthome devices 10 to preserve the desired operation of all of theintervening smart home devices 10.

Each of the device operation status parameters 156 discussed above willbe discussed further below. Moreover, it should be appreciated that thevarious specific device operation status parameters 156 shown in FIG. 5are provided by way of example. As such, the device operation statusparameters 156 shown in FIG. 5 should not be understood to beexhaustive, but merely representative of possible operational parametersthat may be considered for effective message limiting. For example,additional device operation status parameters may include a currentoperation of the device (e.g., sleeping, awake, Wifi active/inactive,executing a demand-response algorithm, executing a time-to-temperaturealgorithm, etc.).

The device service 64 may perform device-state-based message limitingusing the device operation status parameters 156 in any suitable manner.In one example, shown by a flowchart 170 of FIG. 6, the device service64 may receive one or more of the device operation status parameters 156from a target smart home device 10 (e.g., the smart home device 10A)(block 172). The device service 64 may receive the device operationstatus parameters 156 occasionally from the target smart home device 10(e.g., periodically or at a different time when the smart home device10A is an “awake” state). Additionally or alternatively, the deviceservice 64 may occasionally poll the smart home device(s) to requestdevice operation status parameters 156 on occasion (e.g., periodically)or in response to receiving a device request message (e.g., 144 or 150).

The device service 64 may receive a device request message (e.g., the144 or 150) (block 174), and may determine whether to communicate anupdate signal from the device service 64 to the target smart device 10A(block 176) on behalf of a third party application/device. Because, insome embodiments, the device service 64 determines whether to providethe update signal not merely based on the particular type of smart homedevice 10, but rather on the specific device operation status parameters156 associated with the smart home device 10, different installations ofthe same type of smart home devices 10 may receive update signals fromthe device service 64 at different times. In this way, a relativelyhigher number of update signals may be provided for devices with certaindevice operation status parameters 156 (e.g., a relatively high batterylevel and/or a relatively high charging rate), while a relatively lowernumber of update signals may be provided for devices with other deviceoperation status parameters 156 (e.g., a relatively low battery leveland/or a relatively low charging rate). Thus, the device service 64 mayprovide or not provide a corresponding device update signal 158 thatincludes or incorporates the information of the device request message(e.g., 144 or 150).

Indeed, the device operation status parameters 156 may indicate whethera providing an update signal could cause the target smart home device 10(e.g., the smart home device 10A) to behave in a manner unsatisfactoryfor its desired user experience. As seen in FIG. 7, a plot 190 shows asensed temperature of the device (plot 192), sensed relative humidity(plot 194), and device battery level (plot 196) over time. In the plot192, data communication is plotted as a curve 198. In particular, thecurve 198 represents temperature setpoints programmed to the smart homedevice 10A. Thus, the rate of update signals sent to the smart homedevice 10 may be evident by seeing how the temperature setpoints of thecurve 198 are changing. From a time t1 to t2, communication is providedto the target smart home device at a rate of 1 “bucket” (i.e., fixedamount of data) per 5 minutes (indicated in the curve 198 as a differenttemperature setpoint approximately every 5 minutes). During this time,the temperature of a test chamber where the device 10 is being testedremains the same, and the sensed temperature illustrated by thetemperature curve 200 and a sensed relative humidity curve 202 remainstable. Also during this time, a battery curve 204 shows that thebattery level of the target smart home device 10 may become immediatelybut temporarily lower, as the low frequency of informational messagesbeing communicated to the device is low enough to allow the battery torecharge between communications.

Between times t2 and t3, no communication takes place, the battery levelis maintained to be approximately constant, and humidity and temperatureare also approximately constant until the point in time nearing t3.Here, the sensed temperature of the curve 198 increases because thetemperature of the test chamber has been increased. Under a highertemperature, the device 10 may be more likely to incorrectly sensetemperature. Between t3 and t4, the rate of communication is increasedto 1 “bucket” per minute. This causes the device 10 to less accuratelysense the temperature (curve 198) or relative humidity (curve 202). Bothcurves 198 and 202 vary, even though the actual temperature and humidityof the test chamber remained constant. This may imply that the internaltemperature of the smart home device 10, varying due to increased levelsof communication. The increased rate of communication, then, is believedto change the ability of certain sensors 12 in the target smart homedevice 10 to behave as desired. Moreover, the battery level is shown todecrease precipitously between times t3 and t4 when the rate ofcommunication is increased to 1 “bucket” per minute. Indeed, increasingthe communication to 1 “bucket” per 30 seconds between times t5 and t6may cause the target smart home device 10 to behave even moreunsatisfactorily. Specifically, between times t5 and t6, the batterylevel is shown to drop so low that the target smart home device 10becomes substantially unusable (e.g., Wifi communication may becomeinoperable, a high-powered processor may become inoperable, etc.) untilthe battery level is recharged.

Another group of plots 220 of FIG. 8 compare sensed temperature (plot222) and battery level (plot 224) for a lower-power smart home device 10that includes a slower recharging rate than that described in FIG. 7. Asseen in FIG. 8, from times t1 to t2, a communication rate shown by acurve 226 is limited to 30 “buckets” per hour. During this time period,a sensed temperature shown by a curve 228 varies, and a battery levelshown by a curve 230 also drops, but relatively slowly. Moreover, aftera period of no communication between times t2 and t3, the battery levelrises sufficiently. Indeed, the battery level remains relatively steadyfrom times t3 to times t8 as the rate of communication is decreased.Specifically, as shown in FIG. 8, the communication rate is 24 “buckets”(sessions) per hour from times t3 to t4, 18 “buckets” (sessions) perhour from times t5 to t6, and 12 “buckets” (sessions) per hour fromtimes t7 to t8. All of these relatively lower communication rates allowthe smart home device 10 enough time to recover after changes intemperature and/or battery level. In other words, these communicationrates, for the particular smart home device modeled by the group ofplots 220, are sustainably low enough to maintain the proper functioningof the smart home device 10.

From the plots shown in FIGS. 7 and 8, it may be appreciated that amongthe various device operation status parameters 156, the battery level159 may be one of those substantially affected by the communication ratewith the target smart home device 10. As such, as shown by a flowchart250 of FIG. 9, the battery level 159 and/or charging rate 160, deviceage 161, and/or planned lifespan 162, as well as whether the battery ofthe smart home device is or is not rechargeable, may be used todetermine whether or not to provide a communication signal to anelectronic device on behalf of a third party application/device. In theexample of FIG. 9, the device service 64 may receive a device requestmessage (e.g., 144 or 150) (block 252). The device service 64 mayconsider at least a battery level 159 of the smart home device 10 (block254). The device service 64 may or may not consider the charging rate160, the device age 161, and/or the device planned lifespan 162 as well.Indeed, the charging rate 160, the device age 161, and/or the deviceplanned lifespan 162 may be used to determine what threshold(s) thebattery level 159 should be compared to determine whether or not toprovide an update signal 158. That is, the device service 64 maydetermine whether to send an update signal depending on how quickly thebattery level 159 is likely to charge or discharge over its lifespan.

Briefly considering FIGS. 10-12 before continuing, the battery level 159may be compared to a static threshold that is the same for all smarthome devices 10, or may be compared to one or more battery levelthresholds that may vary depending on other characteristics of the smarthome device 10A, such as the charging rate 160, device age 161, and/orthe planned lifespan 162 of the smart home device 10. For example, FIG.10 illustrates battery level thresholds for a smart home device 10 witha rechargeable battery that charges at a relatively fast rate, whileFIG. 11 illustrates battery level thresholds for a smart home device 10with a rechargeable battery that charges at a relatively slower rate.FIG. 12 illustrates battery level thresholds that may vary depending onthe age of the smart home device 10 and its planned lifespan.

In a battery level plot 256 of FIG. 10, a battery level 258 from 0% to100% is shown next to a measured battery level 260 of the smart homedevice 10. In the example of FIG. 10, the battery is a rechargeablebattery and the charging rate is relatively fast. A first threshold 262may represent a minimum battery level to allow device update signals158. A second battery level threshold 264 may represent a minimumbattery level to allow for device update signals 158 without providing awarning message to third-party applications that future message may notgo through because they may be limited due to a low battery level.

Likewise, in a battery level plot 266 of FIG. 11, a battery level 268from 0% to 100% is shown next to a measured battery level 270. In FIG.11, the thresholds 262 and 264 are shown to have been selected to behigher than those in FIG. 10. This is to account for the relativelyslower charging rate of the battery of the associated target smart homedevice 10. Namely, to ensure that the operation of the smart home device10 remains satisfactory, higher charging rates may correspond withhigher thresholds 262 and/or 264, and vice-versa.

The battery level thresholds may be even higher for non-rechargeablebatteries. FIG. 12 illustrates a plot 272 associated with a smart homedevice with a non-rechargeable battery. The plot 272 compares a totallifespan 274 in years to a remaining battery life 276 in years, and aremaining lifespan 278 of the target smart home device 10. The remaininglifespan 278 of the target smart home device 10 may be determined, forexample, by comparing the device age 161 with the planned devicelifespan 162. Regardless of how the remaining lifespan 278 iscalculated, the remaining lifespan 278 may be used to determine thefirst threshold 262 and/or second threshold 264 to permit communicationwith the smart home device. That is, the thresholds 262 and/or 264 maybe relatively higher when the smart home device 10 is younger than whenit is older, to ensure that the smart home device 10 continues tooperate as desired for its planned lifespan.

Returning to the flowchart 250 of FIG. 9, when the battery level 159 ofthe target smart home device 10 is not above the first threshold 262(decision block 280), the device service 64 may return an error to theapplication service and/or application that submitted the device request(block 282). This is indicated in block 282 as an error for an immediatedevice request message, because longer-termed requests that are nottime-sensitive may be held until the device service 64 determines thatcommunication messages can be sent without reducing the satisfactoryperformance of the target smart home device 10.

If the battery level is above the first threshold 262 (decision block280) but is not above the second threshold 264 (block 284), the deviceservice 64 may issue the device update signal 158, but may provide awarning message to the application and/or application service that sentthe device request message (block 286). When the battery level is aboveboth the first threshold 262 (decision block 280) and the secondthreshold 264 (decision block 284), the device service 64 may issue thedevice update signal 158 without providing a warning (block 288). Itshould be appreciated that more or fewer thresholds may be employed,with varying levels of warnings. Moreover, the same decisions of theflowchart of FIG. 9 may be used to set a particular rate limit, ratherthan deciding whether to send a particular message. For example, whenthe battery level is below the first threshold 262, the rate limit maybe set to be relatively low (e.g., 0 “buckets” (sessions) per minute),increasing as the battery level crosses the first threshold 262 (e.g.,12 “buckets” (sessions) per hour) and/or second threshold 264 (e.g., 1“bucket” (session) per minute). Moreover, it should be appreciated thatthe flowchart 250 is provided by way of example, and that the blocksshown may be performed in other orders. For instance, the thresholds maybe compared in different orders to determine whether or not to send adevice update signal 158.

Because the wireless usage 163 and/or the internal temperature 164 couldcause the target smart home device 10 (e.g., the target smart homedevice 10A of FIG. 5) to improperly sense properties of itssurroundings, thereby inhibiting the user experience of the smart homedevice 10, a flowchart 300 of FIG. 13 describes a manner of messagelimiting to the target smart home device 10 when these characteristicsare too high. In the example of FIG. 13, the device service 64 mayreceive a device request message (e.g., 144 or 150) (block 302). Thedevice service 64 may consider the recent wireless usage 164 and/or theinternal temperature 164 of the target smart home device 10. The deviceservice may compare these characteristics to one or more thresholdvalues in a similar manner to the comparison of battery level thresholdsdescribed in FIGS. 9-12.

For example, if the amount of recent wireless usage 163 and/or theinternal temperature 164 is above a first threshold (decision block306), the device service 64 may return an error message (block 308) andmay not provide a device update signal 158. If the recent wireless usage163 and/or the internal temperature 164 are above the first threshold(decision block 306) but below a second threshold (decision block 310),the device service 64 may issue the device update signal 158, but replyto the application or application service that sent the device requestmessage with a warning that the temperature of the device is getting toohigh or is approaching an unsatisfactory limit (block 312). If therecent wireless usage 163 and/or the internal temperature 164 is abovethe first threshold (decision block 306) and the second threshold(decision block 310), the device service 64 may provide the deviceupdate signal 158 without issuing an warnings (decision block 314).Moreover, the same decisions of the flowchart of FIG. 13 may be used toset a particular rate limit, rather than deciding whether to send aparticular message. For example, when the recent wireless usage 163and/or the internal temperature 164 are below the first threshold 262,the rate limit may be set to be relatively low (e.g., 0 “buckets”(sessions) per minute), increasing as the recent wireless usage 163and/or the internal temperature 164 cross the first threshold 262 (e.g.,12 “buckets” (sessions) per hour) and/or second threshold 264 (e.g., 1“bucket” (session) per minute).

As mentioned above, a target smart home device 10 (e.g., a target smarthome device 10B) may be accessible by the device service 64 throughanother smart home device 10 (e.g., smart home device 10A). Sinceissuing messages to the target smart home device 10, in such asituation, could consume battery resources of intervening devices 10and/or increase a wireless usage and/or a temperature of suchintervening devices 10 (e.g., the smart home device 10A), the deviceservice 64 may consider device operation status parameters associatednot only with the target smart home device, but also in any interveningdevices 10. In a flowchart 320 of FIG. 14, for example, the deviceservice 64 may receive one or more request messages (e.g., 144 or 150)for a target smart home device 10 that is accessible by the deviceservice 64 through another smart home device (e.g., the smart homedevice 10A) (block 322). The device service 64 may determine a ratelimit that may maintain satisfactory operation of all of these smarthome devices 10 (block 324). Thus, the device service 64 may determineto provide or not to provide the device update signal 158 according tothe message limiting determination to maintain satisfactory operation ofthe target smart home device 10 (e.g., the smart home device 10B) andany intervening smart home devices (e.g., the smart home devices withthe smart home device 10A) (block 326).

Rule-Based Rate Limiting

Additionally or alternatively to the device-state-based message limitingdiscussed above, the device service 64 (and/or one or more of the smarthome devices 10) may perform rule-based rate limiting using therule-based rate-limiting component 153. One example of a system 350 ofusing the rule-based rate-limiting component 153 appears in FIG. 15. Asused in this disclosure, the term “rate limiting” refers to the act ofselectively permitting a message 352 (e.g., from the applications 142and/or 148) that is en route to a destination (e.g., another componentof the device service 64 or to a target smart home device 10) to passdepending on various parameters 354 associated with the message 352. Therate limiting of this disclosure is referred to as “rule-based” becausemessages 352 may be restricted from passage based on rules relating toany suitable number of ascertainable parameters 354 of the messages 352.

A few non-limiting examples of these parameters 354 include anidentifier of an instance of an application that sent the message (e.g.,client id), a user identifier associated with the message (e.g., userid), an identifier of an electronic device that sent the message, anindication of a network location where the message was sent from (e.g.,an Internet Protocol (IP) address), an indication of an organizationassociated with the application (e.g., a developer of the application, acompany sharing a relationship such as a distribution agreement with thedeveloper, a technical cooperation or standards organization, or anonline application store where the application was sold, to name a fewexamples), a time when the message was sent or received, content of themessage (e.g., whether the message is seeking to issue a command tochange the operation of a smart home device 10 or merely to requestinformation regarding the smart home device 10), a type of smart homedevice 10 to which the message pertains, a specific smart home device 10to which the message pertains, and/or any other suitable parameterrelating to the message. Rules incorporating one or more of theseparameters may be used to selectively rate-limit messages according tothe parameters of the messages.

The rule-based rate-limiting component 153 may include any suitablenumber of rules 356 based on any suitable parameters 354. In the exampleshown in FIG. 15, the rule-based rate-limiting component 153 includes afirst rule 356A and a second rule 356B. It should be appreciated thatthe rules 356 shown in FIG. 15 are provided by way of example and arenot intended to be exhaustive. Indeed, the rule-based rate-limitingcomponent 153 may employ more or fewer rules 356, and these rules 356may pertain to more or fewer parameters 354.

Continuing with the example of FIG. 15, the first rule 356A limits thenumber of messages 352 originating from a particular applicationinstance/user pair to no more than 20 messages per minute. The secondrule 356B limits the number of messages 352 originating from aparticular application instance/user pair to no more than 60 messagesper hour. Respective tracking buckets 358A and 358B that may containrespective sliding window counters 360A and 360B may maintain respectivesliding window counts corresponding to the rules 356A and 356B. When thesliding window counter 360A exceeds the prescribed limit of the rule356A (e.g., more than 20 messages within the last minute), a restrictionbucket 362A may be generated, activated, and/or invoked to cause therule-based rate-limiting component 153 to take a specified restrictiveaction upon receipt of a message 352 having a particular set ofparameters 354 (e.g., originating from the application instance/userpair, though other parameters may be used in addition or alternativelyto those of the rule 356A). Likewise, when the sliding window counter360B exceeds the prescribed limit of the rule 356B (e.g., more than 60messages within the last 2 hours), a restriction bucket 362B may begenerated, activated, and/or invoked to cause the rule-basedrate-limiting component 153 to take a specified restrictive action uponreceipt of a message 352 having a particular set of parameters 354(e.g., originating from the application instance/user pair, though otherparameters may be used in addition or alternatively to those of the rule356B). The restrictive action may involve blocking, delaying, and/orredirecting the message 352 and/or replying with an error or warningmessage.

Each restriction bucket 362 may be understood to operate as a“restriction flag.” As used herein, the term “restriction flag” refersto a component that causes the rule-based rate-limiting component 153 tocatch messages 352 having matching certain parameters 354 and to takecertain restrictive action in relation to those messages 352. The term“restriction flag” and “restriction buckets” will be usedinterchangeably in this disclosure. It should be noted that therestriction buckets 362A and 362B are shown in FIG. 15 as separate fromthe tracking buckets 358A and 358B. As will be discussed further below,this may allow the restriction of messages 352 to take placesynchronously to their receipt. By contrast, the determination ofwhether to restrict the messages 352 (e.g., by tracking certain messages352 with a tracking bucket 358 and generating or activating therestriction bucket 362 when the number of messages 352 exceeds a limit)may take place asynchronously to the receipt of the messages 352. As aresult, the latency associated with tracking the messages 352 may be atleast partially dissociated from the latency associated with restrictingthe messages 352.

As noted above, the sliding window counters 360 (e.g., 360A or 360B) ofthe rule-based rate-limiting component 153 may progressively track thetotal number of messages 352 that match particular criteria (e.g., havethe same parameters 354 as those listed in a rule 356). As such, thecounts stored in sliding window counters 360 may change over time. Oneexample of the manner in which sliding window counters 360 may adjusttheir counts of messages 352 having particular parameters 354 isprovided in FIGS. 16A and B.

In FIGS. 16A and B, dots representing messages 352 appear on a timeline392 representing time from 8:00 AM to midnight. In FIG. 16A, the time iscurrently 10:00 PM. The messages 352 are understood all to have aparticular set of parameters 354 (e.g., originating from the sameparticular application instance and associated user). Moreover, in theexample of FIGS. 16A and B, the rule-based rate-limiting component 153is understood to be counting the messages 352 based on the rules 356Aand 356B shown in FIG. 15. To recall, these rules 356 limit messages 352from a single application instance/user pair to (1) no more than 20messages per minute (rule 356A) and (2) no more than 60 messages perhour (rule 356B). As such, FIGS. 16A and B show the first sliding windowcounter 360B, which represents a count of all such messages 352 thathave been received within the last minute, and the second sliding windowcounter 360B, which represents a count of all such messages 352 thathave been received in the last hour.

In the example of FIG. 16A, the sliding window counter 360A contains acount of 5 (within the allowable limit of 20), but the sliding windowcounter 360B contains a count of 66 (above the allowable limit of 60).Thus, the rule-based rate-limiting component 153 may take a restrictiveaction for additional messages 352 that are received while the slidingwindow counter 360B remains above the limit of its corresponding rule356B.

Over time, however, the counts of the sliding window counters 360A and360B may change. Indeed, the effect of aging out the counts of themessages 352 is evident in FIG. 16B, which shows the counts of thesliding window counters 360A and 360B at 11:00 PM. Now, the slidingwindow counter 360A contains a count of 6 (within the allowable limit of20) and the sliding window counter 396 contains a count of 42 (alsowithin the allowable limit of 60). Accordingly, if there are not otherrules 356 pertaining to the messages 352, the rule-based rate-limitingcomponent 153 may no longer be taking a restrictive action foradditional messages 352.

Thus, one example of the rule-based rate-limiting component 153 mayoperate as described in a flowchart 420 of FIG. 17. Namely, therule-based rate-limiting component 153 may receive a request message 352(block 422) and determine parameters 354 relating to the message 352(block 424). The rule-based rate-limiting component 153 may compare theparameters 354 of the message 352 to those of any currently active rules356 and maintain a sliding window count of those messages 352 (block426). When the sliding window count exceeds a limit of a rule 356, therule-based rate-limiting component 153 may take a restrictive action(e.g., blocking, delaying, or redirecting a message 352, or issuing awarning or error when another such message 352 is received) (block 428).

Before continuing, a brief example of rules and restrictions written inpseudocode are provided. An example of a rule 356 may be as follows:

{

-   -   “id”: 12,    -   “parameters”: [“client_id” (bound), “user_id” (bound),    -   “time_of_day”],    -   “expression”: “& 1, &2, &3 between 12 am and 4 am”

}

An example of a restriction bucket 362 based on the rule 356 may be asfollows:

{

-   -   “rule”: 12,    -   “parameters”: [“client_id”: 123, “user_id”: 8],    -   “action”: reject

}

In the example pseudocode above, any request for user 8 and client 123will be rejected at any time between midnight and 4:00 AM. Both rules356 and restriction buckets 362 may be loaded by a filter on start-up,but may also be updated dynamically at runtime. This may be relativelyfrequent in the case of the restriction buckets 362, since they may bedue to a sliding window counter 360 exceeding some limit.

In some examples, the rule-based rate-limiting component 153 may have anorganizational structure that reduces the latency incurred in filteringthe messages 352. As seen in FIG. 18, the rule-based rate-limitingcomponent 153 may receive the incoming request messages 352 en route toa destination and provide outgoing responses 438 (e.g., a response fromthe destination or a warning or error message from the rule-basedrate-limiting component 153). To reduce latency incurred in filteringthe messages 352, the example of the rule-based rate-limiting component153 of FIG. 18 includes one or more synchronous message filteringcomponents 440 and one or more asynchronous rate-limiting determinationcomponents 442. The synchronous message filtering component(s) 440 mayidentify messages 352 having parameters targeted for some restrictiveaction, while the asynchronous rate-limiting determination component(s)442 may control the synchronous message filtering component(s) 440. Inthis way, latency incurred by tracking the messages 352 may have less ofan impact on the filtering of the messages 352.

In the example of FIG. 18, the synchronous messages filteringcomponent(s) 440 include a pre-authorization filter 444, anauthorization filter 446, and a post-authorization filter 448. Theasynchronous rate-limiting determination component(s) 442 include a ratelimiter service 458 and/or shared counters 464 and 466, and may updatethe pre-authorization filter 444 and post-authorization filter 448. Itshould be appreciated, however, that this is intended to be merely oneexample of the rule-based rate-limiting component 153. Indeed, more orfewer synchronous message component(s) 440 may be used, and thesynchronous message component(s) 440 may be called or removed asdesired. It may be noted that the shared counters 464 and 466 may beused in a form of circuit-breaker type of rate limiting to prevent amisbehaving client from putting through a large number of requestsbefore they are blocked by an asynchronous restriction. That is, in someembodiments, the synchronous message filtering component 440 may performcertain counts of large numbers of quickly received messages 352 from aparticular source using the shared counters 464 and 466.

When the synchronous message filtering component 440 includes thepre-authorization filter 444 and the post-authorization filter 448, thepre-authorization filter 444 may take restrictive action based onparameters 354 that can be determined without first authorizing themessages 352. By contrast, the post-authorization filter 448 may takerestrictive action based on parameters 354 that can be determined afterauthorizing the messages 352. For example, a parameter 354 such as thenetwork location (e.g., IP address) that the message 352 was sent frommay be ascertainable without authorizing the message 352, whileparameters 354 such as the application instance and/or user may beascertainable only after authorization.

The pre-authorization filter 444 and the post-authorization filter 448may compare certain parameters 354 of the messages 352 according to oneor more rule(s) 356 and may have any suitable filter structure. Forexample, in one example, the structure may be that of a Finagle filteror Netty channel handler, or both. The rule(s) 356 of thepre-authorization filter 444 may be the same as or different from therule(s) 356 of the post-authorization filter 448. For instance, therule(s) 356 of the pre-authorization filter 444 may include, forexample, taking restrictive action based on a number of messagesreceived from a particular IP address within a specified amount of time.The rule(s) 356 of the post-authorization filter 448 may include, forexample, taking restrictive action based on a number of messagesreceived from a particular instance of an application and/or user withina specified amount of time.

The pre-authorization filter 444 and the post-authorization filter 448may not actively track the number of messages 352 having parameters 354that match the rules 356. Rather, the pre-authorization filter 444 andthe post-authorization filter 448 may compare the parameters 354 of themessages 352 to those of the rules 356 and indicate that such messages352 have been received to the rate limiter service 452 and/or the sharedcounters 464 and 466. The rate limiter service 458 then may maintaintracking buckets 358 and sliding window counters 360 (which maycorrespond to the shared counters 464 or 466 in some embodiments) basedon these indications. The rate limiter service 458 may maintain thetracking buckets 358 and sliding window counters 360 according to one ormore rules 356, which may or may not correspond to the rule(s) 356 ofthe pre-authorization filter 444 or post-authorization filter 448.

When the sliding window counter 360 of a tracking bucket 358 exceeds alimit set by a corresponding rule 356 in the rate limiter service 458,the rate limiter service 458 may generate or activate a correspondingrestriction bucket 362 in the pre-authorization filter 444 orpost-authorization filter 448. For example, there may be a rule 356(e.g., 356A) not to exceed 20 messages per minute from a particularapplication instance/user pair. When this happens, the rate limiterservice 458 may generate or activate a corresponding restriction bucket362 in the post-authorization filter 448, thereby setting a restrictionflag for the post-authorization filter 448 to take restrictive actionwhen a corresponding message 352 is next received. Since maintaining thesliding window count involves some processing, by doing thisasynchronously in the rate limiter service 458 rather than synchronouslyin the post-authorization filter 448, the latency involved in filteringthe messages 352 may be reduced.

Thus, the synchronous message filtering component(s) 440 may operate atleast in part according to a flowchart 480 of FIG. 19. Upon receipt ofan incoming request message 352 (block 482), one or more of thesynchronous message filtering component(s) 440, such as thepre-authorization filter 444 or the post-authorization filter 448, mayparse one or more parameters 354 pertaining to the message 352 (block484). The parameters 354 of the message 352 may be checked againstparameters 354 of a rule 356 (block 486). While the parameters 354 donot match (decision block 488) and there are more rules 356 (decisionblock 490), the synchronous message filtering component(s) 440 maycontinue to check against rules 356 (block 486) until a match is found(decision block 488) or until there are no more rules 356 to compare(decision block 490).

When the parameters 354 of the message 352 do match the parameters 354of a rule 356 (decision block 488), the synchronous message filteringcomponent(s) 440 may check whether that implicated rule 356 isassociated with any active restriction buckets 362 (block 492). If so(decision block 494), the synchronous message filtering component(s) 440may take the action prescribed by the restriction bucket 362 and/or rule356 (block 496). On the other hand, if the implicated rule 356 is notassociated with any active restriction buckets 362 (decision block 494),the synchronous message filtering component(s) 440 may generate acounter event associated with the rule 356 (block 498).

After generating and/or sending the counter event at block 498, thesynchronous message filtering component(s) 440 may continue to checkagainst rules and carry out blocks 490, 486, 488, 492, 494, 498, untilthere are no more rules (decision block 490). At this point, thesynchronous message filtering component(s) 440 may send indications ofthe counter events that have been generated to the asynchronousrate-limiting determination component(s) 442 (block 500) and allow themessage 352 to pass (block 502). As noted above, the asynchronousrate-limiting determination component(s) 442, such as the rate limiterservice 458, may use these counter events to maintain correspondingtracking buckets 358 and determine whether to cause restriction buckets362 to be generated or activated in the synchronous message filteringcomponent(s) 440. In this way, message restriction may take placesynchronously to the receipt of the messages 352 while the determinationof whether to restrict the messages 352 may take place asynchronously.

One example of the overall operation of the rule-based rate-limitingcomponent 153 appears in a flowchart 510 of FIG. 20. Upon receipt of amessage 352 (block 512), the rule-based rate-limiting component 153 mayperform synchronous filtering (blocks 512) and asynchronousrate-limiting determination (blocks 514). Namely, as noted above, therule-based rate-limiting component 153 may determine whether theparameters 354 of the message 352 match those of any restriction rules356 (decision block 518) and, if so, the rule-based rate-limitingcomponent 153 may determine whether there is a corresponding activerestriction bucket 362 (decision block 520). If there is a correspondingactive restriction bucket 362, the rule-based rate-limiting component153 may take a restrictive action as prescribed by the restriction rule356 or the restriction bucket 362. If the restrictive action is ablocking action (decision block 522), the message 352 may be blocked(block 524). Otherwise, the rule-based rate-limiting component 153 maytake a corresponding non-blocking action, such as delaying orredirecting the message 352, or issuing a warning or error message inreply. Thereafter, the rule-based rate-limiting component 153 may passthe message 528 and/or track the message 352 against tracking rules 356.

For example, if there are no tracking rules 356 (decision block 530),the flowchart 510 may end (block 532). Otherwise, the rule-basedrate-limiting component 153 may create a tracking bucket 358 if not yetgenerated and increment a corresponding sliding window counter 360(block 534). If a limit has not been reached in the sliding windowcounter 360 (decision block 536), the flowchart 510 may end (block 538).If a limit has been reached in the sliding window counter 360 (decisionblock 536), the rule-based rate-limiting component 153 may generate oractivate a restriction bucket 362 (block 540) and the flowchart 510 mayend (block 542).

An object data model 550 that may be used to carry out the rule-basedrate-limiting component 153 appears in FIG. 21. The object data model550 illustrates a variety of components (e.g., objects) that may becalled in carrying out the rule-based rate-limiting component 153 andtheir relationships. The object data model 550 uses crow's footnotation. It should be understood that the object data model 550 merelyrepresents one particular manner of carrying out the rule-basedrate-limiting component 153.

The various components of the object data model 550 of FIG. 21 includesa parameter type component 552, which may include a parameter typeidentifier, a name, and a description. The parameter type component 552may be used by zero or more action parameter components 554 and one ormore parameter components 556. The action parameter components 554 mayhave an action parameter identifier, a name, the parameter typeidentifier to which it pertains, and a description. The parametercomponents 556 may have a parameter identifier, a name, the parametertype identifier to which it pertains, and a description.

Each rule component 558 may be associated with one or more ruleparameter components 560. The rule components 558 may include a ruleidentifier, a name, a condition defining the rule, and a description.Although not expressly shown in FIG. 21, the rule components 558 may betracking rule components having tracking rule identifiers or restrictionrule components having restriction rule identifiers. The rule parametercomponents 560 may also be associated with a tracking bucket parametercomponent 562. The rule parameter components 560 thus may include a ruleidentifier, parameter identifier, and a tracking bucket identifier towhich they pertain. Each tracking bucket parameter component 562 mayinclude a bucket identifier, a parameter identifier to which itpertains, and parameter value that is being tracked. One or moretracking bucket parameter components 562 may pertain to a trackingbucket component 564. The tracking bucket components 564 may eachinclude a tracking bucket identifier, a rule identifier to which itpertains, and a sliding window count. Each tracking bucket component 564pertains to one and only one rule component 558, but each rule component558 may pertain to zero or more tracking bucket components 564.

Limit components 566 may be associated with zero or more limit parametercomponents 568. The limit components 566 may each be identified by atracking bucket identifier and may include a tracking rule identifier, arestricting rule identifier, a count value, a time period, and an actionidentifier (discussed further below). The limit component 566 maypertain to zero or more limit parameter components 568, which mayinclude a limit identifier to which it pertains, a parameter identifierto which it pertains, and a parameter value.

A restriction bucket component 570 may pertain to a limit component 566or to a tracking bucket component 564. Each restriction bucket component570 may have a restriction bucket identifier and may include a trackingbucket component to which it pertains, a limit identifier to which itpertains, a creation time, and an expiration time. One or morerestriction bucket parameter component 572 may pertain to eachrestriction bucket component 570. Each restriction bucket parametercomponent 572 may include a restriction bucket identifier to which itpertains, a parameter identifier to which it pertains, and a parametervalue.

One or more limit action components 574 may be associated to each limitcomponent 566. There may be zero or more limit action components 574associated with a given action component 576. The action component 576may include an action identifier, a name, a description, and an action(e.g., block message, redirect to a particular network address, and soforth). The limit action component 574, zero or more of which maypertain to an action component 576 and a limit component 566, thus maybe identified by both an action identifier and a limit identifier. Thelimit action component 566 may include a name, a description, and anindication of the action to take (e.g., block message, redirect to aparticular network address, and so forth). Zero or more limit actioncomponents 578 may pertain to a limit action component, and may includean action identifier, a limit identifier, an action parameteridentifier, and a value at which to take action.

It should be appreciated that the object data model 550 represents onlyone data model that may be used to construct the rule-based rate-limitercomponent 153. Indeed, although the object data model 550 may enable amodular and highly extendable way of implementing the rule-basedrate-limiter component 153, the rule-based rate-limiter component 153may be constructed using less modular and less extendable components.

The specific embodiments described above have been shown by way ofexample, and it should be understood that these embodiments may besusceptible to various modifications and alternative forms. It should befurther understood that the claims are not intended to be limited to theparticular forms disclosed, but rather to cover all modifications,equivalents, and alternatives falling within the spirit and scope ofthis disclosure.

What is claimed is:
 1. A method of message rate limiting by a smart-homedevice, the method comprising: determining, by the smart-home device,one or more device operation status parameters of the smart home devicecomprising: a battery level of the smart-home device; a battery chargingrate of the smart-home device; an age of the smart-home device; aplanned lifespan of the smart-home device; a recent wireless usage ofthe smart-home device; an internal temperature of the smart-home; or anyof the above in relation to an intervening device over whichcommunication to the smart-home device travels; or any combinationthereof; receiving, by the smart-home device while the smart-home deviceis in a low-power mode, an incoming communication directed to thesmart-home device from a server; based at least in part on the one ormore device operation status parameters, determining, by the smart-homedevice while the smart-home device is in the low-power mode, to:transition to a high-power mode; and consume the received communication;or: remain in the low-power mode; and ignore the communication.
 2. Themethod of claim 1, wherein the one or more device operation statusparameters are used to determine whether to transition to the high-powermode by: determining whether the battery level exceeds a firstthreshold; and determining not to transition to the high-power mode whenthe battery level does not exceed the first threshold.
 3. The method ofclaim 2, when the battery level exceeds the first threshold, determiningto: transition to the high-power mode; and consume the receivedcommunication.
 4. The method of claim 2, comprising determining thefirst threshold based at least in part on the battery charging rate ofthe smart-home device, the age of the smart-home device, or the plannedlifespan of the smart-home device, or any combination thereof.
 5. Themethod of claim 1, wherein transitioning to the high-power modecomprises waking-up a high-power processor, a high-power wirelesstransceiver, or both.
 6. The method of claim 1, wherein the smart-homedevice comprises a thermostat, a hazard detector, a smart doorbell, asecurity system, an irrigation system, a smart television, a soundsensor, or any combination thereof.
 7. The method of claim 1, whereinthe server is connected to the same local area network as the smart-homedevice, or the server is a cloud-based server.
 8. An electronic devicecomprising: a low-power wireless transceiver; a low-power processorcoupled to the low-power wireless transceiver; the electronic deviceconfigured to: determine one or more device operation status parametersof the electronic device comprising: a battery level of the electronicdevice; a battery charging rate of the electronic device; an age of theelectronic device; a planned lifespan of the electronic device; a recentwireless usage of the electronic device; an internal temperature of theelectronic; or any of the above in relation to an intervening deviceover which communication to the electronic device travels; or anycombination thereof; receive, by the low-power processor while theelectronic device is in a low-power mode, an incoming communicationdirected to the electronic device from a server; based at least in parton the one or more device operation status parameters, determine, by thelow-power processor while the electronic device is in the low-powermode, to: transition to a high-power mode; and consume the receivedcommunication; or: remain in the low-power mode; and ignore thecommunication.
 9. The electronic device of claim 8, wherein the one ormore device operation status parameters are used to determine whether totransition to the high-power mode by: determining whether the batterylevel exceeds a first threshold; and determining not to transition tothe high-power mode when the battery level does not exceed the firstthreshold.
 10. The electronic device of claim 9, when the battery levelexceeds the first threshold, the electronic device is configured to:transition to the high-power mode; and consume the receivedcommunication.
 11. The electronic device of claim 9, wherein theelectronic device is configured to determine the first threshold basedat least in part on the battery charging rate of the electronic device,the age of the electronic device, or the planned lifespan of theelectronic device, or any combination thereof.
 12. The electronic deviceof claim 8, comprising: a high-power wireless transceiver; and ahigh-power processor coupled to the high-power wireless transceiver,wherein transitioning to the high-power mode comprises waking-up thehigh-power processor, the high-power wireless transceiver, or both. 13.The electronic device of claim 8, wherein the electronic devicecomprises a thermostat, a hazard detector, a smart doorbell, a securitysystem, an irrigation system, a smart television, a sound sensor, or anycombination thereof.
 14. The electronic device of claim 8, wherein theserver is connected to the same local area network as the electronicdevice, or the server is a cloud-based server.
 15. A system comprising:a server; and a smart-home device configured to: determine one or moredevice operation status parameters of the smart-home device comprising:a battery level of the smart-home device; a battery charging rate of thesmart-home device; an age of the smart-home device; a planned lifespanof the smart-home device; a recent wireless usage of the smart-homedevice; an internal temperature of the smart-home; or any of the abovein relation to an intervening device over which communication to thesmart-home device travels; or any combination thereof; receive, whilethe smart-home device is in a low-power mode, an incoming communicationdirected to the smart-home device from the server; based at least inpart on the one or more device operation status parameters, determine,while the smart-home device is in a low-power mode, to: transition to ahigh-power mode; and consume the received communication; or: remain inthe low-power mode; and ignore the communication.
 16. The system ofclaim 15, wherein the one or more device operation status parameters areused to determine whether to transition to the high-power mode by:determining whether the battery level exceeds a first threshold; anddetermining not to transition to the high-power mode when the batterylevel does not exceed the first threshold.
 17. The system of claim 16,when the battery level exceeds the first threshold, the smart-homedevice is configured to: transition to the high-power mode; and consumethe received communication.
 18. The system of claim 16, wherein thesmart-home device is configured to: determine the first threshold basedat least in part on the battery charging rate of the smart-home device,the age of the smart-home device, or the planned lifespan of thesmart-home device, or any combination thereof.
 19. The system of claim15, wherein the smart-home device comprises a thermostat, a hazarddetector, a smart doorbell, a security system, an irrigation system, asmart television, a sound sensor, or any combination thereof.
 20. Thesystem of claim 15, wherein the server is connected to the same localarea network as the smart-home device, or the server is a cloud-basedserver.